Unable to use USB device in KVM quest

Thanks for taking the time to submit this bug and helping to make Ubuntu better.

dmesg has no more apparmor errors, so it is not likely the cause of the permission denial. But libvirt is supposed to change the ownership of the usb device so that libvirt can access it. So I'm not sure what is causing this.

Could you append your /etc/libvirt/qemu.conf file, and /var/log/libvirt/qemu/VM.log where VM is the name of the libvirt vm and the result of 'ls -l /dev/bus/usb/001/004'.

qemu.conf added as requested

VM.log added as requested

Serge,
Have added attachments as requested

Regards
Roy

Roy Carter

- Sent from mobile phone -

----- Reply message -----
From: "Serge Hallyn" <email address hidden>
Date: Thu, May 26, 2011 01:10
Subject: [Bug 787091] Re: Unable to use USB device in KVM quest
To: <email address hidden>

Thanks for taking the time to submit this bug and helping to make Ubuntu
better.

dmesg has no more apparmor errors, so it is not likely the cause of the
permission denial. But libvirt is supposed to change the ownership of
the usb device so that libvirt can access it. So I'm not sure what is
causing this.

Could you append your /etc/libvirt/qemu.conf file, and
/var/log/libvirt/qemu/VM.log where VM is the name of the libvirt vm and
the result of 'ls -l /dev/bus/usb/001/004'.

** Changed in: qemu-kvm (Ubuntu)
       Status: New => Incomplete

--
You received this bug notification because you are a direct subscriber
of the bug.
https://bugs.launchpad.net/bugs/787091

Title:
  Unable to use USB device in KVM quest

Status in “qemu-kvm” package in Ubuntu:
  Incomplete

Bug description:
  Binary package hint: qemu-kvm

  Ubuntu 10.04 Server:

  I have been trying for some considerable time to get a Windows XP
  guest to recognise a USB Canon printer. I have searched google
  endlessly and applied a number of changes to apparmor profiles. I am
  still not able to get the guest to recognise that there a USB device
  attached. I was originally getting repeated messages in kern.log as
  below but the apparmor changes did resolve these:

  May 22 08:01:51 vmserver kernel: [424696.858434] type=1503
  audit(1306047711.654:81239): operation="open" pid=19695 parent=1
  profile="libvirt-629433c8-3714-561b-8e91-4a8a9bb65b9f"
  requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0
  name="/sys/devices/pci0000:00/0000:00:05.0/0000:02:00.0/usb8/devnum"

  I am now left with messages in the VM log file as follows which I
  cannot find a solution for:

  char device redirected to /dev/pts/5
  usb_create: no bus specified, using "usb.0" for "usb-host"
  husb: open device 1.4
  /dev/bus/usb/001/004: Operation not permitted
  husb: open device 1.4
  /dev/bus/usb/001/004: Operation not permitted
  husb: open device 1.4

  This is a fairly basic requirement and hopefully a solution already exists.

  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: kvm 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9.6
  ProcVersionSignature: Ubuntu 2.6.32-31.61-server 2.6.32.32+drm33.14
  Uname: Linux 2.6.32-31-server x86_64
  NonfreeKernelModules: fglrx

Thanks for the additional info. You're running with user and group root. I wonder if there is a bug in that path. Could you do

for i in `pidof kvm`; do
   echo $i >> statusinfo
   cat /proc/$i/status >> statusinfo
   echo >> statusinfo
done

and post statusinfo?

Finally (and perhaps most usefully) please do:

strace -f -ooutout2 qemu -usb -usbdevice tablet -vnc :1 -vga cirrus -usbdevice host:04a9:1093

then, after a little while, kill it with control-c and append the file 'outout2' which strace created to this bug.

Requested output of ls -l /dev/bus/usb/001/007

Output of the following attached:
for i in `pidof kvm`; do
   echo $i >> statusinfo
   cat /proc/$i/status >> statusinfo
   echo >> statusinfo
done

output of the following attached:

strace -f -ooutout2 qemu -usb -usbdevice tablet -vnc :7 -vga cirrus -usbdevice host:04a9:1717

output of the following attached:

strace -f -ooutout2 qemu -usb -usbdevice tablet -vnc :7 -vga cirrus -usbdevice host:04a9:1717

Serge,
     I believe I have now added the additional items requested. The ID
of the device and the connected point is now different, let me know if
this confuses things.

Regards

Roy

On 26/05/2011 16:53, Serge Hallyn wrote:
> Finally (and perhaps most usefully) please do:
>
> strace -f -ooutout2 qemu -usb -usbdevice tablet -vnc :1 -vga cirrus
> -usbdevice host:04a9:1093
>
> then, after a little while, kill it with control-c and append the file
> 'outout2' which strace created to this bug.
>

Thanks. Unfortunately the strace output didn't show kvm trying to access the usb device at all, and the status info doesn't show anything. DAC should not be preventing this access.

To be sure I'm understanding correctly - you see no apparmor errors at all in your syslog any more since you added your new rules, right?

Serge,
I will rerun tests and send results this morning.

Regards

Roy

Roy Carter

- Sent from mobile phone -

----- Reply message -----
From: "Serge Hallyn" <email address hidden>
Date: Fri, May 27, 2011 04:37
Subject: [Bug 787091] Re: Unable to use USB device in KVM quest
To: <email address hidden>

Thanks. Unfortunately the strace output didn't show kvm trying to
access the usb device at all, and the status info doesn't show anything.
DAC should not be preventing this access.

To be sure I'm understanding correctly - you see no apparmor errors at
all in your syslog any more since you added your new rules, right?

--
You received this bug notification because you are a direct subscriber
of the bug.
https://bugs.launchpad.net/bugs/787091

Title:
  Unable to use USB device in KVM quest

Status in “qemu-kvm” package in Ubuntu:
  New

Bug description:
  Binary package hint: qemu-kvm

  Ubuntu 10.04 Server:

  I have been trying for some considerable time to get a Windows XP
  guest to recognise a USB Canon printer. I have searched google
  endlessly and applied a number of changes to apparmor profiles. I am
  still not able to get the guest to recognise that there a USB device
  attached. I was originally getting repeated messages in kern.log as
  below but the apparmor changes did resolve these:

  May 22 08:01:51 vmserver kernel: [424696.858434] type=1503
  audit(1306047711.654:81239): operation="open" pid=19695 parent=1
  profile="libvirt-629433c8-3714-561b-8e91-4a8a9bb65b9f"
  requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0
  name="/sys/devices/pci0000:00/0000:00:05.0/0000:02:00.0/usb8/devnum"

  I am now left with messages in the VM log file as follows which I
  cannot find a solution for:

  char device redirected to /dev/pts/5
  usb_create: no bus specified, using "usb.0" for "usb-host"
  husb: open device 1.4
  /dev/bus/usb/001/004: Operation not permitted
  husb: open device 1.4
  /dev/bus/usb/001/004: Operation not permitted
  husb: open device 1.4

  This is a fairly basic requirement and hopefully a solution already exists.

  ProblemType: Bug
  DistroRelease: Ubuntu 10.04
  Package: kvm 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9.6
  ProcVersionSignature: Ubuntu 2.6.32-31.61-server 2.6.32.32+drm33.14
  Uname: Linux 2.6.32-31-server x86_64
  NonfreeKernelModules: fglrx
  Architecture: amd64
  Date: Mon May 23 17:33:39 2011
  InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
  KvmCmdLine:
   UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
   root 3604 1 25 188376 364400 1 15:55 ? 00:24:30 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 512 -smp 2,cores=2 -name Trixbox2.8 -uu=

At Serge's request.
I have run a fresh set of tests with this issue. I rebooted the host with the usb canon mp510 printer attached and turned on. At 11:25am I started the Windows XP VM with virt-manager. The attached tar file contains the outputs of:

dmesg
/usr/log/libvirt/qemu/VM.log
lsusb
ls -l /dev/bus/usb/001/002
short extract of /var/log/kern.log,messages, debug, daemon.log

/tmp# for i in `pidof kvm`; do echo $i >> statusinfo; cat /proc/$i/status >> statusinfo; echo >> statusinfo; done

/tmp# strace -f -ooutout2 qemu -usb -usbdevice tablet -vnc :2 -vga cirrus -usbdevice host:04a9:1717
usb_create: no bus specified, using "usb.0" for "usb-host"
husb: open device 1.2
husb: config #1 need -1
husb: 3 interfaces claimed for configuration 1
husb: grabbed usb device 1.2
/tmp#

Just as a test, could you

  chmod 777 /dev/bus/usb/001/002

and see if the VM succeeds after that?

Serge,
     No good I'm afraid. I am still getting repeated
"/dev/bus/usb/001/002: Operation not permitted" in the VM log file.

     Is it perhaps possible that something else (e.g. the linux printing
system) already has exclusive access to these devices?

Regards

Roy

On 27/05/2011 14:43, Serge Hallyn wrote:
> Just as a test, could you
>
> chmod 777 /dev/bus/usb/001/002
>
> and see if the VM succeeds after that?
>

Quoting Royston Carter (<email address hidden>):
> Serge,
> No good I'm afraid. I am still getting repeated
> "/dev/bus/usb/001/002: Operation not permitted" in the VM log file.
>
> Is it perhaps possible that something else (e.g. the linux printing
> system) already has exclusive access to these devices?

Yes, very much so. I saw no hint of that in the logs when I looked
this morning, but certainly it's possible.

What does 'lsof /dev/bus/usb/001/002' show?

thanks,
-serge

Serge,
     I get the following, not sure if this is useful.

  lsof /dev/bus/usb/001/002
lsof: WARNING: can't stat() fuse.gvfs-fuse-daemon file system
/home/rpcarter/.gvfs
       Output information may be incomplete.

Regards

Roy

On 27/05/2011 15:59, Serge Hallyn wrote:
> Quoting Royston Carter (<email address hidden>):
>> Serge,
>> No good I'm afraid. I am still getting repeated
>> "/dev/bus/usb/001/002: Operation not permitted" in the VM log file.
>>
>> Is it perhaps possible that something else (e.g. the linux printing
>> system) already has exclusive access to these devices?
> Yes, very much so. I saw no hint of that in the logs when I looked
> this morning, but certainly it's possible.
>
> What does 'lsof /dev/bus/usb/001/002' show?
>
> thanks,
> -serge
>

Quoting Royston Carter (<email address hidden>):
> Serge,
> I get the following, not sure if this is useful.
>
> lsof /dev/bus/usb/001/002
> lsof: WARNING: can't stat() fuse.gvfs-fuse-daemon file system
> /home/rpcarter/.gvfs
> Output information may be incomplete.

That's odd. Can you give the output of

   mount
   df -h /dev/bus/usb/001

and

   ps -ef

Attachment for:
mount
df -h /dev/bus/usb/001

attachment for:
ps -ef

Yeah in the ps output I see /usr/share/system-config-printer/applet.py running. I wonder if it has the device pinned. What does

ls -l /proc/3545/fd

show?

Output of ls -l /proc/3545/fd

I can't reproduce this on my natty host which also has cups and the
system-config-printer-gnome running. I don't have high hopes that they
are in fact the culprit, but still it seems worth checking.

Could you try removing system-config-printer-* packages and stop cups,

  sudo stop cups
  sudo apt-get remove system-config-printer-gnome system \
 system-config-printer-common \
 system-config-printer-udev

Log out and back in, and see if after that kvm is able to use the printer.
Then reinstall with

  apt-get install system-config-printer-gnome \
 system-config-printer-common \
 system-config-printer-udev
  sudo start cups

when you are done.

Serge,
Done as requested but no change. I no longer get my host reporting that it has seen a new printer but the KVM guest still does not see the device. The log file is still showing "operation not permitted" on a regular basis.

Any other thoughts?

Regards

Roy

Sent from my iPad

On 1 Jun 2011, at 22:57, Serge Hallyn <email address hidden> wrote:

> I can't reproduce this on my natty host which also has cups and the
> system-config-printer-gnome running. I don't have high hopes that they
> are in fact the culprit, but still it seems worth checking.
>
> Could you try removing system-config-printer-* packages and stop cups,
>
> sudo stop cups
> sudo apt-get remove system-config-printer-gnome system \
> system-config-printer-common \
> system-config-printer-udev
>
> Log out and back in, and see if after that kvm is able to use the printer.
> Then reinstall with
>
> apt-get install system-config-printer-gnome \
> system-config-printer-common \
> system-config-printer-udev
> sudo start cups
>
> when you are done.
>
>
> ** Changed in: qemu-kvm (Ubuntu)
> Status: New => Incomplete
>
> ** Changed in: qemu-kvm (Ubuntu)
> Importance: Undecided => Medium
>
> --
> You received this bug notification because you are a direct subscriber
> of the bug.
> https://bugs.launchpad.net/bugs/787091
>
> Title:
> Unable to use USB device in KVM quest
>
> Status in “qemu-kvm” package in Ubuntu:
> Incomplete
>
> Bug description:
> Binary package hint: qemu-kvm
>
> Ubuntu 10.04 Server:
>
> I have been trying for some considerable time to get a Windows XP
> guest to recognise a USB Canon printer. I have searched google
> endlessly and applied a number of changes to apparmor profiles. I am
> still not able to get the guest to recognise that there a USB device
> attached. I was originally getting repeated messages in kern.log as
> below but the apparmor changes did resolve these:
>
> May 22 08:01:51 vmserver kernel: [424696.858434] type=1503
> audit(1306047711.654:81239): operation="open" pid=19695 parent=1
> profile="libvirt-629433c8-3714-561b-8e91-4a8a9bb65b9f"
> requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0
> name="/sys/devices/pci0000:00/0000:00:05.0/0000:02:00.0/usb8/devnum"
>
> I am now left with messages in the VM log file as follows which I
> cannot find a solution for:
>
> char device redirected to /dev/pts/5
> usb_create: no bus specified, using "usb.0" for "usb-host"
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
>
>
> This is a fairly basic requirement and hopefully a solution already exists.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 10.04
> Package: kvm 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9.6
> ProcVersionSignature: Ubuntu 2.6.32-31.61-server 2.6.32.32+drm33.14
> Uname: Linux 2.6.32-31-server x86_64
> NonfreeKernelModules: fglrx
> Architecture: amd64
> Date: Mon May 23 17:33:39 2011
> InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
> KvmCmdLine:
> UID PID PPID C SZ RSS PSR STIME TTY ...

Quoting Royston Carter (<email address hidden>):
> Serge,
> Done as requested but no change. I no longer get my host reporting that it has seen a new printer but the KVM guest still does not see the device. The log file is still showing "operation not permitted" on a regular basis.
>
> Any other thoughts?

This sometimes works, but it can be hard to get it right. We're going to try inserting a wrapper around kvm when executed by libvirt. Please do the following precisely (after re-starting cups and re-installing the packages as described earlier):

 mv /usr/bin/kvm /usr/bin/kvm.real
 vi /usr/bin/kvm

Insert the following:

 #!/bin/sh
 strace -f -o/tmp/strace-kvm.$$.out /usr/bin/kvm.real $*

and make it executable:

 chmod ugo+x /usr/bin/kvm

Then start the virtual machine through libvirt as usual. It'll be slow. When it is shut down, attach /tmp/strace-kvm.*.out to this bug report, and undo the wrapper by doing:

 mv /usr/bin/kvm.real /usr/bin/kvm

Serge,
I already have rapper in place to give me multi-core capability so I will edit this to add the strace as requested.

Regards

Roy

Sent from my iPad

On 7 Jun 2011, at 15:57, Serge Hallyn <email address hidden> wrote:

> Quoting Royston Carter (<email address hidden>):
>> Serge,
>> Done as requested but no change. I no longer get my host reporting that it has seen a new printer but the KVM guest still does not see the device. The log file is still showing "operation not permitted" on a regular basis.
>>
>> Any other thoughts?
>
> This sometimes works, but it can be hard to get it right. We're going
> to try inserting a wrapper around kvm when executed by libvirt. Please
> do the following precisely (after re-starting cups and re-installing the
> packages as described earlier):
>
> mv /usr/bin/kvm /usr/bin/kvm.real
> vi /usr/bin/kvm
>
> Insert the following:
>
> #!/bin/sh
> strace -f -o/tmp/strace-kvm.$$.out /usr/bin/kvm.real $*
>
> and make it executable:
>
> chmod ugo+x /usr/bin/kvm
>
> Then start the virtual machine through libvirt as usual. It'll be slow.
> When it is shut down, attach /tmp/strace-kvm.*.out to this bug report,
> and undo the wrapper by doing:
>
> mv /usr/bin/kvm.real /usr/bin/kvm
>
> --
> You received this bug notification because you are a direct subscriber
> of the bug.
> https://bugs.launchpad.net/bugs/787091
>
> Title:
> Unable to use USB device in KVM quest
>
> Status in “qemu-kvm” package in Ubuntu:
> Incomplete
>
> Bug description:
> Binary package hint: qemu-kvm
>
> Ubuntu 10.04 Server:
>
> I have been trying for some considerable time to get a Windows XP
> guest to recognise a USB Canon printer. I have searched google
> endlessly and applied a number of changes to apparmor profiles. I am
> still not able to get the guest to recognise that there a USB device
> attached. I was originally getting repeated messages in kern.log as
> below but the apparmor changes did resolve these:
>
> May 22 08:01:51 vmserver kernel: [424696.858434] type=1503
> audit(1306047711.654:81239): operation="open" pid=19695 parent=1
> profile="libvirt-629433c8-3714-561b-8e91-4a8a9bb65b9f"
> requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0
> name="/sys/devices/pci0000:00/0000:00:05.0/0000:02:00.0/usb8/devnum"
>
> I am now left with messages in the VM log file as follows which I
> cannot find a solution for:
>
> char device redirected to /dev/pts/5
> usb_create: no bus specified, using "usb.0" for "usb-host"
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
>
>
> This is a fairly basic requirement and hopefully a solution already exists.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 10.04
> Package: kvm 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9.6
> ProcVersionSignature: Ubuntu 2.6.32-31.61-server 2.6.32.32+drm33.14
> Uname: Linux 2.6.32-31-server x86_64
> NonfreeKernelModules: fglrx
> Architecture: amd64
> Date: Mon May 23 17:33:39 2011
> InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
> ...

Serge,
Done and I will attach the trace. We appear to get the following extract at regular intervals. By the way I had to update apparmor to allow execution of strace and writing to /tmp.

Regards

Roy

8865 munmap(0x7eff052c7000, 4096) = 0
8865 write(1, "husb: open device 1.4\n", 22) = 22
8865 open("/dev/bus/usb/001/004", O_RDWR|O_NONBLOCK) = -1 EPERM (Operation not permitted)
8865 write(2, "/dev/bus/usb/001/004: Operation "..., 46) = 46
8865 getdents(21, /* 0 entries */, 32768) = 0
8865 close(21) = 0
8865 futex(0x869a60, FUTEX_WAKE_PRIVATE, 1) = 1

Sent from my iPad

On 7 Jun 2011, at 15:57, Serge Hallyn <email address hidden> wrote:

> Quoting Royston Carter (<email address hidden>):
>> Serge,
>> Done as requested but no change. I no longer get my host reporting that it has seen a new printer but the KVM guest still does not see the device. The log file is still showing "operation not permitted" on a regular basis.
>>
>> Any other thoughts?
>
> This sometimes works, but it can be hard to get it right. We're going
> to try inserting a wrapper around kvm when executed by libvirt. Please
> do the following precisely (after re-starting cups and re-installing the
> packages as described earlier):
>
> mv /usr/bin/kvm /usr/bin/kvm.real
> vi /usr/bin/kvm
>
> Insert the following:
>
> #!/bin/sh
> strace -f -o/tmp/strace-kvm.$$.out /usr/bin/kvm.real $*
>
> and make it executable:
>
> chmod ugo+x /usr/bin/kvm
>
> Then start the virtual machine through libvirt as usual. It'll be slow.
> When it is shut down, attach /tmp/strace-kvm.*.out to this bug report,
> and undo the wrapper by doing:
>
> mv /usr/bin/kvm.real /usr/bin/kvm
>
> --
> You received this bug notification because you are a direct subscriber
> of the bug.
> https://bugs.launchpad.net/bugs/787091
>
> Title:
> Unable to use USB device in KVM quest
>
> Status in “qemu-kvm” package in Ubuntu:
> Incomplete
>
> Bug description:
> Binary package hint: qemu-kvm
>
> Ubuntu 10.04 Server:
>
> I have been trying for some considerable time to get a Windows XP
> guest to recognise a USB Canon printer. I have searched google
> endlessly and applied a number of changes to apparmor profiles. I am
> still not able to get the guest to recognise that there a USB device
> attached. I was originally getting repeated messages in kern.log as
> below but the apparmor changes did resolve these:
>
> May 22 08:01:51 vmserver kernel: [424696.858434] type=1503
> audit(1306047711.654:81239): operation="open" pid=19695 parent=1
> profile="libvirt-629433c8-3714-561b-8e91-4a8a9bb65b9f"
> requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0
> name="/sys/devices/pci0000:00/0000:00:05.0/0000:02:00.0/usb8/devnum"
>
> I am now left with messages in the VM log file as follows which I
> cannot find a solution for:
>
> char device redirected to /dev/pts/5
> usb_create: no bus specified, using "usb.0" for "usb-host"
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
>
>
> This is a fairly basic...

STRACE extract added as requested

Thanks - at this point I have no idea. root is being given EPERM trying to open the file, yet log files show no apparmor denials.

You say you are wrapping kvm already, can you explain how, in case it is relevant?

Roysten,

Can you provide the output of the following command:
$ apparmor_parser -p /etc/apparmor.d/libvirt/libvirt-<uuid>

where <uuid> is the uuid of the guest (can be seen with 'virsh dominfo <vm name>').

Please also disable kernel print rate limiting (just to be sure) by doing

sysctl -w kernel.printk_ratelimit=0

Serge,
My wrap is similar to the one you had suggested. I use virt-manager which lacks some capability in particular i wanted to pass multiple core to guests. The wrap makes no odds though as I have the same result when I do nots use it.

Regards

Roy

Sent from my iPad

On 7 Jun 2011, at 21:19, Serge Hallyn <email address hidden> wrote:

> Thanks - at this point I have no idea. root is being given EPERM trying
> to open the file, yet log files show no apparmor denials.
>
> You say you are wrapping kvm already, can you explain how, in case it is
> relevant?
>
> --
> You received this bug notification because you are a direct subscriber
> of the bug.
> https://bugs.launchpad.net/bugs/787091
>
> Title:
> Unable to use USB device in KVM quest
>
> Status in “qemu-kvm” package in Ubuntu:
> Incomplete
>
> Bug description:
> Binary package hint: qemu-kvm
>
> Ubuntu 10.04 Server:
>
> I have been trying for some considerable time to get a Windows XP
> guest to recognise a USB Canon printer. I have searched google
> endlessly and applied a number of changes to apparmor profiles. I am
> still not able to get the guest to recognise that there a USB device
> attached. I was originally getting repeated messages in kern.log as
> below but the apparmor changes did resolve these:
>
> May 22 08:01:51 vmserver kernel: [424696.858434] type=1503
> audit(1306047711.654:81239): operation="open" pid=19695 parent=1
> profile="libvirt-629433c8-3714-561b-8e91-4a8a9bb65b9f"
> requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0
> name="/sys/devices/pci0000:00/0000:00:05.0/0000:02:00.0/usb8/devnum"
>
> I am now left with messages in the VM log file as follows which I
> cannot find a solution for:
>
> char device redirected to /dev/pts/5
> usb_create: no bus specified, using "usb.0" for "usb-host"
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
>
>
> This is a fairly basic requirement and hopefully a solution already exists.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 10.04
> Package: kvm 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9.6
> ProcVersionSignature: Ubuntu 2.6.32-31.61-server 2.6.32.32+drm33.14
> Uname: Linux 2.6.32-31-server x86_64
> NonfreeKernelModules: fglrx
> Architecture: amd64
> Date: Mon May 23 17:33:39 2011
> InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
> KvmCmdLine:
> UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
> root 3604 1 25 188376 364400 1 15:55 ? 00:24:30 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 512 -smp 2,cores=2 -name Trixbox2.8 -uuid c19e7ccd-6a2d-35b0-5e0a-e9832434c517 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/Trixbox2.8.monitor,server,nowait -monitor chardev:monitor -boot c -drive file=/var/lib/libvirt/images/Trixbox2.8.img,if=virtio,index=0,boot=on,format=raw -drive if=ide,media=cdrom,index=2,format=raw -net nic,macaddr=52:54:00:45:84:af,vlan=0,model=virtio,name=virtio.0 -net tap,fd=48,vlan=0,name=tap.0 -chardev pty,id=serial0 -serial chardev:serial0 -parallel none -usb -vnc ...

Results of apparmor-parsor attached as requested

Jamie,
Attached to call as requested. Is there not a way to put apparmor into a complain mode rather than enforce to rule this out once and for all?

Regards

Roy

Sent from my iPad

On 7 Jun 2011, at 21:24, Jamie Strandboge <email address hidden> wrote:

> Roysten,
>
> Can you provide the output of the following command:
> $ apparmor_parser -p /etc/apparmor.d/libvirt/libvirt-<uuid>
>
> where <uuid> is the uuid of the guest (can be seen with 'virsh dominfo
> <vm name>').
>
> --
> You received this bug notification because you are a direct subscriber
> of the bug.
> https://bugs.launchpad.net/bugs/787091
>
> Title:
> Unable to use USB device in KVM quest
>
> Status in “qemu-kvm” package in Ubuntu:
> Incomplete
>
> Bug description:
> Binary package hint: qemu-kvm
>
> Ubuntu 10.04 Server:
>
> I have been trying for some considerable time to get a Windows XP
> guest to recognise a USB Canon printer. I have searched google
> endlessly and applied a number of changes to apparmor profiles. I am
> still not able to get the guest to recognise that there a USB device
> attached. I was originally getting repeated messages in kern.log as
> below but the apparmor changes did resolve these:
>
> May 22 08:01:51 vmserver kernel: [424696.858434] type=1503
> audit(1306047711.654:81239): operation="open" pid=19695 parent=1
> profile="libvirt-629433c8-3714-561b-8e91-4a8a9bb65b9f"
> requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0
> name="/sys/devices/pci0000:00/0000:00:05.0/0000:02:00.0/usb8/devnum"
>
> I am now left with messages in the VM log file as follows which I
> cannot find a solution for:
>
> char device redirected to /dev/pts/5
> usb_create: no bus specified, using "usb.0" for "usb-host"
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
>
>
> This is a fairly basic requirement and hopefully a solution already exists.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 10.04
> Package: kvm 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9.6
> ProcVersionSignature: Ubuntu 2.6.32-31.61-server 2.6.32.32+drm33.14
> Uname: Linux 2.6.32-31-server x86_64
> NonfreeKernelModules: fglrx
> Architecture: amd64
> Date: Mon May 23 17:33:39 2011
> InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
> KvmCmdLine:
> UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
> root 3604 1 25 188376 364400 1 15:55 ? 00:24:30 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 512 -smp 2,cores=2 -name Trixbox2.8 -uuid c19e7ccd-6a2d-35b0-5e0a-e9832434c517 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/Trixbox2.8.monitor,server,nowait -monitor chardev:monitor -boot c -drive file=/var/lib/libvirt/images/Trixbox2.8.img,if=virtio,index=0,boot=on,format=raw -drive if=ide,media=cdrom,index=2,format=raw -net nic,macaddr=52:54:00:45:84:af,vlan=0,model=virtio,name=virtio.0 -net tap,fd=48,vlan=0,name=tap.0 -chardev pty,id=serial0 -serial chardev:serial0 -parallel none -usb -vnc 127.0.0.1:0 -vga cirrus
> root 5355 1 9 249533 283612 5 16:16 ? 00:07:42 /usr/...

Serge,
I do not see anything different i'm afraid.

Regards

Roy

Sent from my iPad

On 7 Jun 2011, at 21:30, Serge Hallyn <email address hidden> wrote:

> Please also disable kernel print rate limiting (just to be sure) by
> doing
>
> sysctl -w kernel.printk_ratelimit=0
>
> --
> You received this bug notification because you are a direct subscriber
> of the bug.
> https://bugs.launchpad.net/bugs/787091
>
> Title:
> Unable to use USB device in KVM quest
>
> Status in “qemu-kvm” package in Ubuntu:
> Incomplete
>
> Bug description:
> Binary package hint: qemu-kvm
>
> Ubuntu 10.04 Server:
>
> I have been trying for some considerable time to get a Windows XP
> guest to recognise a USB Canon printer. I have searched google
> endlessly and applied a number of changes to apparmor profiles. I am
> still not able to get the guest to recognise that there a USB device
> attached. I was originally getting repeated messages in kern.log as
> below but the apparmor changes did resolve these:
>
> May 22 08:01:51 vmserver kernel: [424696.858434] type=1503
> audit(1306047711.654:81239): operation="open" pid=19695 parent=1
> profile="libvirt-629433c8-3714-561b-8e91-4a8a9bb65b9f"
> requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0
> name="/sys/devices/pci0000:00/0000:00:05.0/0000:02:00.0/usb8/devnum"
>
> I am now left with messages in the VM log file as follows which I
> cannot find a solution for:
>
> char device redirected to /dev/pts/5
> usb_create: no bus specified, using "usb.0" for "usb-host"
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
>
>
> This is a fairly basic requirement and hopefully a solution already exists.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 10.04
> Package: kvm 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9.6
> ProcVersionSignature: Ubuntu 2.6.32-31.61-server 2.6.32.32+drm33.14
> Uname: Linux 2.6.32-31-server x86_64
> NonfreeKernelModules: fglrx
> Architecture: amd64
> Date: Mon May 23 17:33:39 2011
> InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
> KvmCmdLine:
> UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
> root 3604 1 25 188376 364400 1 15:55 ? 00:24:30 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 512 -smp 2,cores=2 -name Trixbox2.8 -uuid c19e7ccd-6a2d-35b0-5e0a-e9832434c517 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/Trixbox2.8.monitor,server,nowait -monitor chardev:monitor -boot c -drive file=/var/lib/libvirt/images/Trixbox2.8.img,if=virtio,index=0,boot=on,format=raw -drive if=ide,media=cdrom,index=2,format=raw -net nic,macaddr=52:54:00:45:84:af,vlan=0,model=virtio,name=virtio.0 -net tap,fd=48,vlan=0,name=tap.0 -chardev pty,id=serial0 -serial chardev:serial0 -parallel none -usb -vnc 127.0.0.1:0 -vga cirrus
> root 5355 1 9 249533 283612 5 16:16 ? 00:07:42 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 769 -smp 2 -name MediaServer -uuid b38159a1-5ee5-b792-e110-c270f30f6925 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/MediaServer.monitor,server,nowait...

Serge,
I nite this device has extended attributes (ACL), any relevance?

ls -l /dev/bus/usb/001/004
crw-rw-r--+ 1 root root 189, 3 2011-06-07 11:31 /dev/bus/usb/001/004

getfacl /dev/bus/usb/001/004
# file: dev/bus/usb/001/004
# owner: root
# group: root
user::rw-
user:rpcarter:rw-
group::rw-
mask::rw-
other::r--

Regards

Roy

Sent from my iPad

On 7 Jun 2011, at 21:30, Serge Hallyn <email address hidden> wrote:

> Please also disable kernel print rate limiting (just to be sure) by
> doing
>
> sysctl -w kernel.printk_ratelimit=0
>
> --
> You received this bug notification because you are a direct subscriber
> of the bug.
> https://bugs.launchpad.net/bugs/787091
>
> Title:
> Unable to use USB device in KVM quest
>
> Status in “qemu-kvm” package in Ubuntu:
> Incomplete
>
> Bug description:
> Binary package hint: qemu-kvm
>
> Ubuntu 10.04 Server:
>
> I have been trying for some considerable time to get a Windows XP
> guest to recognise a USB Canon printer. I have searched google
> endlessly and applied a number of changes to apparmor profiles. I am
> still not able to get the guest to recognise that there a USB device
> attached. I was originally getting repeated messages in kern.log as
> below but the apparmor changes did resolve these:
>
> May 22 08:01:51 vmserver kernel: [424696.858434] type=1503
> audit(1306047711.654:81239): operation="open" pid=19695 parent=1
> profile="libvirt-629433c8-3714-561b-8e91-4a8a9bb65b9f"
> requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0
> name="/sys/devices/pci0000:00/0000:00:05.0/0000:02:00.0/usb8/devnum"
>
> I am now left with messages in the VM log file as follows which I
> cannot find a solution for:
>
> char device redirected to /dev/pts/5
> usb_create: no bus specified, using "usb.0" for "usb-host"
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
>
>
> This is a fairly basic requirement and hopefully a solution already exists.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 10.04
> Package: kvm 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9.6
> ProcVersionSignature: Ubuntu 2.6.32-31.61-server 2.6.32.32+drm33.14
> Uname: Linux 2.6.32-31-server x86_64
> NonfreeKernelModules: fglrx
> Architecture: amd64
> Date: Mon May 23 17:33:39 2011
> InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
> KvmCmdLine:
> UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
> root 3604 1 25 188376 364400 1 15:55 ? 00:24:30 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 512 -smp 2,cores=2 -name Trixbox2.8 -uuid c19e7ccd-6a2d-35b0-5e0a-e9832434c517 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/Trixbox2.8.monitor,server,nowait -monitor chardev:monitor -boot c -drive file=/var/lib/libvirt/images/Trixbox2.8.img,if=virtio,index=0,boot=on,format=raw -drive if=ide,media=cdrom,index=2,format=raw -net nic,macaddr=52:54:00:45:84:af,vlan=0,model=virtio,name=virtio.0 -net tap,fd=48,vlan=0,name=tap.0 -chardev pty,id=serial0 -serial chardev:serial0 -parallel none -usb -vnc 127.0.0.1:0 -vga cirrus
> ...

I have just also tried an Android phone in debugging mode connecting via USB to a Scientific 6.0 host. The results are consistent, "/dev/bus/usb/003/003: Operation not permitted" repeated in guest log and no sign of device in guest.

Roy

Since KVM is running as root and the device is owned by root (and ACL gives 'user:rw' perms), I don't think the ACLs are to blame.

Could you try booting the system with 'apparmor=0' in the boot arguments? If it works then, then we know apparmor is somehow still causing this.
---
Ubuntu Bug Squad volunteer triager
http://wiki.ubuntu.com/BugSquad

Serge,
I will give it a go and get back to you

Regards

Roy

Sent from my iPad

On 17 Jun 2011, at 22:22, Serge Hallyn <email address hidden> wrote:

> Since KVM is running as root and the device is owned by root (and ACL
> gives 'user:rw' perms), I don't think the ACLs are to blame.
>
> Could you try booting the system with 'apparmor=0' in the boot arguments? If it works then, then we know apparmor is somehow still causing this.
> ---
> Ubuntu Bug Squad volunteer triager
> http://wiki.ubuntu.com/BugSquad
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/787091
>
> Title:
> Unable to use USB device in KVM quest
>
> Status in “qemu-kvm” package in Ubuntu:
> Incomplete
>
> Bug description:
> Binary package hint: qemu-kvm
>
> Ubuntu 10.04 Server:
>
> I have been trying for some considerable time to get a Windows XP
> guest to recognise a USB Canon printer. I have searched google
> endlessly and applied a number of changes to apparmor profiles. I am
> still not able to get the guest to recognise that there a USB device
> attached. I was originally getting repeated messages in kern.log as
> below but the apparmor changes did resolve these:
>
> May 22 08:01:51 vmserver kernel: [424696.858434] type=1503
> audit(1306047711.654:81239): operation="open" pid=19695 parent=1
> profile="libvirt-629433c8-3714-561b-8e91-4a8a9bb65b9f"
> requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0
> name="/sys/devices/pci0000:00/0000:00:05.0/0000:02:00.0/usb8/devnum"
>
> I am now left with messages in the VM log file as follows which I
> cannot find a solution for:
>
> char device redirected to /dev/pts/5
> usb_create: no bus specified, using "usb.0" for "usb-host"
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
>
>
> This is a fairly basic requirement and hopefully a solution already exists.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 10.04
> Package: kvm 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9.6
> ProcVersionSignature: Ubuntu 2.6.32-31.61-server 2.6.32.32+drm33.14
> Uname: Linux 2.6.32-31-server x86_64
> NonfreeKernelModules: fglrx
> Architecture: amd64
> Date: Mon May 23 17:33:39 2011
> InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
> KvmCmdLine:
> UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
> root 3604 1 25 188376 364400 1 15:55 ? 00:24:30 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 512 -smp 2,cores=2 -name Trixbox2.8 -uuid c19e7ccd-6a2d-35b0-5e0a-e9832434c517 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/Trixbox2.8.monitor,server,nowait -monitor chardev:monitor -boot c -drive file=/var/lib/libvirt/images/Trixbox2.8.img,if=virtio,index=0,boot=on,format=raw -drive if=ide,media=cdrom,index=2,format=raw -net nic,macaddr=52:54:00:45:84:af,vlan=0,model=virtio,name=virtio.0 -net tap,fd=48,vlan=0,name=tap.0 -chardev pty,id=serial0 -serial chardev:serial0 -parallel none -usb -vnc 127.0.0.1:0 -vga cirrus
> root 5355 1 9 249...

Serge,
Done but no difference. Apparmor_status reports:

apparmor module is loaded.
apparmor file system not loaded

Still get "not permitted" error.

Did this with android phone in debug mode to avoid any cups related issue.

Regards

Roy

Sent from my iPad

On 17 Jun 2011, at 22:22, Serge Hallyn <email address hidden> wrote:

> Since KVM is running as root and the device is owned by root (and ACL
> gives 'user:rw' perms), I don't think the ACLs are to blame.
>
> Could you try booting the system with 'apparmor=0' in the boot arguments? If it works then, then we know apparmor is somehow still causing this.
> ---
> Ubuntu Bug Squad volunteer triager
> http://wiki.ubuntu.com/BugSquad
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/787091
>
> Title:
> Unable to use USB device in KVM quest
>
> Status in “qemu-kvm” package in Ubuntu:
> Incomplete
>
> Bug description:
> Binary package hint: qemu-kvm
>
> Ubuntu 10.04 Server:
>
> I have been trying for some considerable time to get a Windows XP
> guest to recognise a USB Canon printer. I have searched google
> endlessly and applied a number of changes to apparmor profiles. I am
> still not able to get the guest to recognise that there a USB device
> attached. I was originally getting repeated messages in kern.log as
> below but the apparmor changes did resolve these:
>
> May 22 08:01:51 vmserver kernel: [424696.858434] type=1503
> audit(1306047711.654:81239): operation="open" pid=19695 parent=1
> profile="libvirt-629433c8-3714-561b-8e91-4a8a9bb65b9f"
> requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0
> name="/sys/devices/pci0000:00/0000:00:05.0/0000:02:00.0/usb8/devnum"
>
> I am now left with messages in the VM log file as follows which I
> cannot find a solution for:
>
> char device redirected to /dev/pts/5
> usb_create: no bus specified, using "usb.0" for "usb-host"
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
>
>
> This is a fairly basic requirement and hopefully a solution already exists.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 10.04
> Package: kvm 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9.6
> ProcVersionSignature: Ubuntu 2.6.32-31.61-server 2.6.32.32+drm33.14
> Uname: Linux 2.6.32-31-server x86_64
> NonfreeKernelModules: fglrx
> Architecture: amd64
> Date: Mon May 23 17:33:39 2011
> InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
> KvmCmdLine:
> UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
> root 3604 1 25 188376 364400 1 15:55 ? 00:24:30 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 512 -smp 2,cores=2 -name Trixbox2.8 -uuid c19e7ccd-6a2d-35b0-5e0a-e9832434c517 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/Trixbox2.8.monitor,server,nowait -monitor chardev:monitor -boot c -drive file=/var/lib/libvirt/images/Trixbox2.8.img,if=virtio,index=0,boot=on,format=raw -drive if=ide,media=cdrom,index=2,format=raw -net nic,macaddr=52:54:00:45:84:af,vlan=0,model=vir...

Serge,
Any more thoughts on this one, it causes me some significant issues so I would really like to get to the bottom of it if possible.

Regards

Roy

Sent from my iPad

On 17 Jun 2011, at 22:22, Serge Hallyn <email address hidden> wrote:

> Since KVM is running as root and the device is owned by root (and ACL
> gives 'user:rw' perms), I don't think the ACLs are to blame.
>
> Could you try booting the system with 'apparmor=0' in the boot arguments? If it works then, then we know apparmor is somehow still causing this.
> ---
> Ubuntu Bug Squad volunteer triager
> http://wiki.ubuntu.com/BugSquad
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/787091
>
> Title:
> Unable to use USB device in KVM quest
>
> Status in “qemu-kvm” package in Ubuntu:
> Incomplete
>
> Bug description:
> Binary package hint: qemu-kvm
>
> Ubuntu 10.04 Server:
>
> I have been trying for some considerable time to get a Windows XP
> guest to recognise a USB Canon printer. I have searched google
> endlessly and applied a number of changes to apparmor profiles. I am
> still not able to get the guest to recognise that there a USB device
> attached. I was originally getting repeated messages in kern.log as
> below but the apparmor changes did resolve these:
>
> May 22 08:01:51 vmserver kernel: [424696.858434] type=1503
> audit(1306047711.654:81239): operation="open" pid=19695 parent=1
> profile="libvirt-629433c8-3714-561b-8e91-4a8a9bb65b9f"
> requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0
> name="/sys/devices/pci0000:00/0000:00:05.0/0000:02:00.0/usb8/devnum"
>
> I am now left with messages in the VM log file as follows which I
> cannot find a solution for:
>
> char device redirected to /dev/pts/5
> usb_create: no bus specified, using "usb.0" for "usb-host"
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
>
>
> This is a fairly basic requirement and hopefully a solution already exists.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 10.04
> Package: kvm 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9.6
> ProcVersionSignature: Ubuntu 2.6.32-31.61-server 2.6.32.32+drm33.14
> Uname: Linux 2.6.32-31-server x86_64
> NonfreeKernelModules: fglrx
> Architecture: amd64
> Date: Mon May 23 17:33:39 2011
> InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
> KvmCmdLine:
> UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
> root 3604 1 25 188376 364400 1 15:55 ? 00:24:30 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 512 -smp 2,cores=2 -name Trixbox2.8 -uuid c19e7ccd-6a2d-35b0-5e0a-e9832434c517 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/Trixbox2.8.monitor,server,nowait -monitor chardev:monitor -boot c -drive file=/var/lib/libvirt/images/Trixbox2.8.img,if=virtio,index=0,boot=on,format=raw -drive if=ide,media=cdrom,index=2,format=raw -net nic,macaddr=52:54:00:45:84:af,vlan=0,model=virtio,name=virtio.0 -net tap,fd=48,vlan=0,name=tap.0 -chardev pty,id=serial0 -serial cha...

Do you have a system on which you could test either with natty or with
lucid with backported packages (which I would create)?

Serge,
Unfortunately I have only one vm capable host which is my main machine, firewall, PBS, family desktop etc. It is an AMD Phenom II, the only other kit I have is not 64bit and has no virtualisation capabilities. I am reluctant therefore to risk this unless there in no other way forward.

Roy

Sent from my iPad

On 22 Jun 2011, at 14:02, Serge Hallyn <email address hidden> wrote:

> Do you have a system on which you could test either with natty or with
> lucid with backported packages (which I would create)?
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/787091
>
> Title:
> Unable to use USB device in KVM quest
>
> Status in “qemu-kvm” package in Ubuntu:
> Incomplete
>
> Bug description:
> Binary package hint: qemu-kvm
>
> Ubuntu 10.04 Server:
>
> I have been trying for some considerable time to get a Windows XP
> guest to recognise a USB Canon printer. I have searched google
> endlessly and applied a number of changes to apparmor profiles. I am
> still not able to get the guest to recognise that there a USB device
> attached. I was originally getting repeated messages in kern.log as
> below but the apparmor changes did resolve these:
>
> May 22 08:01:51 vmserver kernel: [424696.858434] type=1503
> audit(1306047711.654:81239): operation="open" pid=19695 parent=1
> profile="libvirt-629433c8-3714-561b-8e91-4a8a9bb65b9f"
> requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0
> name="/sys/devices/pci0000:00/0000:00:05.0/0000:02:00.0/usb8/devnum"
>
> I am now left with messages in the VM log file as follows which I
> cannot find a solution for:
>
> char device redirected to /dev/pts/5
> usb_create: no bus specified, using "usb.0" for "usb-host"
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
>
>
> This is a fairly basic requirement and hopefully a solution already exists.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 10.04
> Package: kvm 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9.6
> ProcVersionSignature: Ubuntu 2.6.32-31.61-server 2.6.32.32+drm33.14
> Uname: Linux 2.6.32-31-server x86_64
> NonfreeKernelModules: fglrx
> Architecture: amd64
> Date: Mon May 23 17:33:39 2011
> InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
> KvmCmdLine:
> UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
> root 3604 1 25 188376 364400 1 15:55 ? 00:24:30 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 512 -smp 2,cores=2 -name Trixbox2.8 -uuid c19e7ccd-6a2d-35b0-5e0a-e9832434c517 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/Trixbox2.8.monitor,server,nowait -monitor chardev:monitor -boot c -drive file=/var/lib/libvirt/images/Trixbox2.8.img,if=virtio,index=0,boot=on,format=raw -drive if=ide,media=cdrom,index=2,format=raw -net nic,macaddr=52:54:00:45:84:af,vlan=0,model=virtio,name=virtio.0 -net tap,fd=48,vlan=0,name=tap.0 -chardev pty,id=serial0 -serial chardev:serial0 -parallel none -usb -vnc 127.0.0.1:0 -vga cirrus
> root 5355 1 9...

Serge,
     I would add that the system runs on software raid with LVM2 and it
would seem that simply taking a full backup and restoring after trying
alternative Kernel. is also non-trivial.

Roy

On 22/06/2011 14:02, Serge Hallyn wrote:
> Do you have a system on which you could test either with natty or with
> lucid with backported packages (which I would create)?
>

I have had the opportunity to try this issue on an Intel machine and have attached the output of an lshw of this machine for information. From an original installation of Lucid Server I was able to get a Windows XP VM to recognise a USB printer. I applied all updates and still the printer us recognized.

Though the USB printer was recognized and driver installation in the Windows guest appears to go OK. The Guest blue screens with a USB issue when I try and print a test page.

Roy

Further to my previous comment, I have tried another printer which appears to install and work OK. Main difference I suspect is that this is an older printer and possibly USB 1.1 whereas the first printer I tries may possible only be USB 2.0.

Let's see if we can get root in general to fail to open this. First paste the following into 'open.c' (without the '========' lines), and then compile that using 'make open'.

===============================================================
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>

int main(int argc, char *argv[])
{
 int ret;

 if (argc < 2)
 {
  printf("try %s /dev/bus/usb/001/013\n", argv[0]);
  exit(1);
 }
 ret = open(argv[1], O_RDWR|O_NONBLOCK);
 printf("open returned %d\n", ret);
 close(ret);
}
===============================================================

Plug in the printer and try starting the VM with libvirt. Look in the log file to get the pathname it is trying to use. Then run open with that file as argument. For instance if you see

/dev/bus/usb/001/004: Operation not permitted

then try

  sudo ./open /dev/bus/usb/001/004

If it says it returned a positive number, then it succeeded in opening it. If it returned -1, then we know that in fact root can't open that device, and it isn't just libvirt.

Serge,
     See below. The open program opens it and gets file ID 3 as one
would expect. Whilst running this the VM is outputting the not permitted
message on the same device. So root can open but libvirt cannot!

root@vmserver:/tmp# lsusb
Bus 008 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 007 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 006 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 005 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 004 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
Bus 003 Device 003: ID 04a9:1717 Canon, Inc. MP510
Bus 003 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
root@vmserver:/tmp# ./open /dev/bus/usb/003/003
open returned 3
root@vmserver:/tmp# ./open /dev/bus/usb/003/003
open returned 3
root@vmserver:/tmp#

Regards

Roy

On 29/06/2011 05:39, Serge Hallyn wrote:
> Let's see if we can get root in general to fail to open this. First
> paste the following into 'open.c' (without the '========' lines), and
> then compile that using 'make open'.
>
> ===============================================================
> #include<stdio.h>
> #include<stdlib.h>
> #include<sys/types.h>
> #include<sys/stat.h>
> #include<fcntl.h>
>
>
> int main(int argc, char *argv[])
> {
> int ret;
>
> if (argc< 2)
> {
> printf("try %s /dev/bus/usb/001/013\n", argv[0]);
> exit(1);
> }
> ret = open(argv[1], O_RDWR|O_NONBLOCK);
> printf("open returned %d\n", ret);
> close(ret);
> }
> ===============================================================
>
> Plug in the printer and try starting the VM with libvirt. Look in the
> log file to get the pathname it is trying to use. Then run open with
> that file as argument. For instance if you see
>
> /dev/bus/usb/001/004: Operation not permitted
>
> then try
>
> sudo ./open /dev/bus/usb/001/004
>
> If it says it returned a positive number, then it succeeded in opening
> it. If it returned -1, then we know that in fact root can't open that
> device, and it isn't just libvirt.
>

Thanks, Roy. I'm trying to come up with a working systemtap script to figure out why the kernel gives -EPERM. Unfortunately it seems touch-and-go in lucid. I'll let you know when I get something you can try.

Serge,
OK, thanks for your efforts on this.

Regards

Roy

Sent from my iPad

On 29 Jun 2011, at 18:49, Serge Hallyn <email address hidden> wrote:

> Thanks, Roy. I'm trying to come up with a working systemtap script to
> figure out why the kernel gives -EPERM. Unfortunately it seems touch-
> and-go in lucid. I'll let you know when I get something you can try.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/787091
>
> Title:
> Unable to use USB device in KVM quest
>
> Status in “qemu-kvm” package in Ubuntu:
> Incomplete
>
> Bug description:
> Binary package hint: qemu-kvm
>
> Ubuntu 10.04 Server:
>
> I have been trying for some considerable time to get a Windows XP
> guest to recognise a USB Canon printer. I have searched google
> endlessly and applied a number of changes to apparmor profiles. I am
> still not able to get the guest to recognise that there a USB device
> attached. I was originally getting repeated messages in kern.log as
> below but the apparmor changes did resolve these:
>
> May 22 08:01:51 vmserver kernel: [424696.858434] type=1503
> audit(1306047711.654:81239): operation="open" pid=19695 parent=1
> profile="libvirt-629433c8-3714-561b-8e91-4a8a9bb65b9f"
> requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0
> name="/sys/devices/pci0000:00/0000:00:05.0/0000:02:00.0/usb8/devnum"
>
> I am now left with messages in the VM log file as follows which I
> cannot find a solution for:
>
> char device redirected to /dev/pts/5
> usb_create: no bus specified, using "usb.0" for "usb-host"
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
>
>
> This is a fairly basic requirement and hopefully a solution already exists.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 10.04
> Package: kvm 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9.6
> ProcVersionSignature: Ubuntu 2.6.32-31.61-server 2.6.32.32+drm33.14
> Uname: Linux 2.6.32-31-server x86_64
> NonfreeKernelModules: fglrx
> Architecture: amd64
> Date: Mon May 23 17:33:39 2011
> InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
> KvmCmdLine:
> UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
> root 3604 1 25 188376 364400 1 15:55 ? 00:24:30 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 512 -smp 2,cores=2 -name Trixbox2.8 -uuid c19e7ccd-6a2d-35b0-5e0a-e9832434c517 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/Trixbox2.8.monitor,server,nowait -monitor chardev:monitor -boot c -drive file=/var/lib/libvirt/images/Trixbox2.8.img,if=virtio,index=0,boot=on,format=raw -drive if=ide,media=cdrom,index=2,format=raw -net nic,macaddr=52:54:00:45:84:af,vlan=0,model=virtio,name=virtio.0 -net tap,fd=48,vlan=0,name=tap.0 -chardev pty,id=serial0 -serial chardev:serial0 -parallel none -usb -vnc 127.0.0.1:0 -vga cirrus
> root 5355 1 9 249533 283612 5 16:16 ? 00:07:42 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 769 -smp 2 -name MediaServer -uuid b38159a1-5ee5-b792-e110-c270f30f69...

Please download this file and extract it using
   tar zxf openeperm_kprobe.tar.gz

Then you'll need to install a few prerequisites:

  apt-get install make gcc linux-headers-2.6.32-32-generic

Enter the extracted directory and compile the kprobe:

  cd openeperm_kprobe
  make

This will compile a kprobe (kernel probe) which, while installed, will give more information on the credentials of any process which receives -EPERM or -EACCES trying to open a file. So the way to use it is, load the module, start the virtual machine which tries to use the printer, unload the module once it has failed (i.e. you see the messages about failing to open /sys/bus/usb/001/004), then unload the module and look through the logs for any meaningful information.

Load the module using: insmod openeperm.ko
Unload it using: rmmod openeperm

You can see the error messages using the command 'dmesg', and they will look like:

[ 148.939971] sys_open returned: -13
[ 148.939982] Call by: euid 1000 cap_eff 0

Serge,
Results of kernel probe attached.

Roy

Serge,
     I have added the output to the call.

Regards

Roy

On 30/06/2011 14:20, Serge Hallyn wrote:
> Please download this file and extract it using
> tar zxf openeperm_kprobe.tar.gz
>
> Then you'll need to install a few prerequisites:
>
> apt-get install make gcc linux-headers-2.6.32-32-generic
>
> Enter the extracted directory and compile the kprobe:
>
> cd openeperm_kprobe
> make
>
> This will compile a kprobe (kernel probe) which, while installed, will
> give more information on the credentials of any process which receives
> -EPERM or -EACCES trying to open a file. So the way to use it is, load
> the module, start the virtual machine which tries to use the printer,
> unload the module once it has failed (i.e. you see the messages about
> failing to open /sys/bus/usb/001/004), then unload the module and look
> through the logs for any meaningful information.
>
> Load the module using: insmod openeperm.ko
> Unload it using: rmmod openeperm
>
> You can see the error messages using the command 'dmesg', and they will
> look like:
>
> [ 148.939971] sys_open returned: -13
> [ 148.939982] Call by: euid 1000 cap_eff 0
>
>
> ** Attachment added: "openeperm_kprobe.tar.gz"
> https://bugs.launchpad.net/ubuntu/+source/qemu-kvm/+bug/787091/+attachment/2185306/+files/openeperm_kprobe.tar.gz
>

I can only think of one other explanation, the devices cgroup. Can you, while that VM is running, do

ps -ef

to get the PID of the kvm process, then do

cat /proc/$PID/cgroup

(substituting in the pid)?

Assuming it reads something like

1:blkio,net_cls,freezer,devices,memory,cpuacct,cpu,ns,cpuset:/libvirt/qemu/lxc-natty-amd64

you would then find the cgroups mountpoint using
   mount | grep cgroup
and print out the device whitelist using:

cat /cgroup/libvirt/qemu/lxc-natty-amd64

(substituting your cgroup mountpoint for '/cgroup').

If I'm not being clear enough here, please start by just giving me the output of:

   for p in `pidof kvm`; do
      cat /proc/$p/cgroup
   done
   mount | grep cgroup

Serge,
Have more or less done as requested and attached results. Your line "cat /cgroup/libvirt/qemu/WindowsXP" would not work as this is a directory so I improvised a little.

Regards

Roy

Thanks, Roy. I'm sorry, this shoudl have occurred to me much sooner. Just to make absolutely sure, could you add the following to the bottom of your /etc/libvirt/qemu.conf file:

cgroup_controllers = [ "cpu", "memory" ]

shut down your VM, restart libvirt-bin using

   sudo restart libvirt-bin

and see if your VM can now access the printer?

Also, could you attach the result of

   virsh dumpxml WindowsXP

? libvirt is supposed to automatically add entries to the devices whitelist to allow access to the usb printer, so I'm hoping the xml file will offer clues as to why it didn't.

Serge,
I will try this Monday.

Regards

Roy

Sent from my iPad

On 1 Jul 2011, at 14:40, Serge Hallyn <email address hidden> wrote:

> Thanks, Roy. I'm sorry, this shoudl have occurred to me much sooner. Just to make absolutely sure, could you add the following to the bottom of your /etc/libvirt/qemu.conf file:
>
>
> cgroup_controllers = [ "cpu", "memory" ]
>
> shut down your VM, restart libvirt-bin using
>
> sudo restart libvirt-bin
>
> and see if your VM can now access the printer?
>
> Also, could you attach the result of
>
> virsh dumpxml WindowsXP
>
> ? libvirt is supposed to automatically add entries to the devices
> whitelist to allow access to the usb printer, so I'm hoping the xml file
> will offer clues as to why it didn't.
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/787091
>
> Title:
> Unable to use USB device in KVM quest
>
> Status in “qemu-kvm” package in Ubuntu:
> Incomplete
>
> Bug description:
> Binary package hint: qemu-kvm
>
> Ubuntu 10.04 Server:
>
> I have been trying for some considerable time to get a Windows XP
> guest to recognise a USB Canon printer. I have searched google
> endlessly and applied a number of changes to apparmor profiles. I am
> still not able to get the guest to recognise that there a USB device
> attached. I was originally getting repeated messages in kern.log as
> below but the apparmor changes did resolve these:
>
> May 22 08:01:51 vmserver kernel: [424696.858434] type=1503
> audit(1306047711.654:81239): operation="open" pid=19695 parent=1
> profile="libvirt-629433c8-3714-561b-8e91-4a8a9bb65b9f"
> requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0
> name="/sys/devices/pci0000:00/0000:00:05.0/0000:02:00.0/usb8/devnum"
>
> I am now left with messages in the VM log file as follows which I
> cannot find a solution for:
>
> char device redirected to /dev/pts/5
> usb_create: no bus specified, using "usb.0" for "usb-host"
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
>
>
> This is a fairly basic requirement and hopefully a solution already exists.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 10.04
> Package: kvm 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9.6
> ProcVersionSignature: Ubuntu 2.6.32-31.61-server 2.6.32.32+drm33.14
> Uname: Linux 2.6.32-31-server x86_64
> NonfreeKernelModules: fglrx
> Architecture: amd64
> Date: Mon May 23 17:33:39 2011
> InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
> KvmCmdLine:
> UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
> root 3604 1 25 188376 364400 1 15:55 ? 00:24:30 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 512 -smp 2,cores=2 -name Trixbox2.8 -uuid c19e7ccd-6a2d-35b0-5e0a-e9832434c517 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/Trixbox2.8.monitor,server,nowait -monitor chardev:monitor -boot c -drive file=/var/lib/libvirt/images/Trixbox2.8.img,if=virtio,index=0,boot=on,format=raw -drive if=ide,media=cdrom,ind...

Serge,
I have uncommented the cgroup_controllers line out of qemu.conf and rebooted but still have the problem. I will attach this file and the xmldump of the vm. Is there a way of completely taking cgroup out of the picture. I believe I mounted this when I was experimenting with LXC but I no longer use this.

Regards

Roy

Quoting Royston Carter (<email address hidden>):
> Serge,
> I have uncommented the cgroup_controllers line out of qemu.conf and rebooted
> but still have the problem. I will attach this file and the xmldump of the
> vm. Is there a way of completely taking cgroup out of the picture.

Yes. You simply make sure they are not mounted at boot. If you set them
up by adding a line to /etc/fstab reading something like:

cgroup /sys/fs/cgroup cgroup defaults 0 0

Then just remove that line, and 'sudo umount -a -t cgroup' or reboot.

If you installed cgroup-bin, then just uninstall that by doing
'sudo apt-get purge cgroup-bin'. You may after that still need to do
'sudo umount -a -t cgroup' or reboot.

Serge,
     I have commented out the cgroup line in fstab and rebooted. My
Virtual machine is now able to see my USB printer !

Regards

Roy

On 05/07/2011 14:07, Serge Hallyn wrote:
> Quoting Royston Carter (<email address hidden>):
>> Serge,
>> I have uncommented the cgroup_controllers line out of qemu.conf and rebooted
>> but still have the problem. I will attach this file and the xmldump of the
>> vm. Is there a way of completely taking cgroup out of the picture.
> Yes. You simply make sure they are not mounted at boot. If you set them
> up by adding a line to /etc/fstab reading something like:
>
> cgroup /sys/fs/cgroup cgroup defaults 0 0
>
> Then just remove that line, and 'sudo umount -a -t cgroup' or reboot.
>
> If you installed cgroup-bin, then just uninstall that by doing
> 'sudo apt-get purge cgroup-bin'. You may after that still need to do
> 'sudo umount -a -t cgroup' or reboot.
>

Thanks, that's good to know.

Given that your xml has:

−
<hostdev mode="subsystem" type="usb" managed="yes">
−
<source>
<vendor id="0x04a9"/>
<product id="0x1717"/>
</source>
</hostdev>

and discussion on irc claimed that libvirt should be adding any specified usb devices to the whitelist, I can finally mark this Confirmed, in fact Triaged. The fix may turn out to be hard to implement, but is at least simple conceptually.

Serge,
Thanks again for your assistance with this. I will leave cgroup un-mounted for now as I do not believe I lose anything by doing so.

After all this effort I suspect the lack of qemu USB2 support will be a show stopper anyway

Best regards

Roy

Sent from my iPad

On 6 Jul 2011, at 00:08, Serge Hallyn <email address hidden> wrote:

> Thanks, that's good to know.
>
> Given that your xml has:
>
> −
> <hostdev mode="subsystem" type="usb" managed="yes">
> −
> <source>
> <vendor id="0x04a9"/>
> <product id="0x1717"/>
> </source>
> </hostdev>
>
> and discussion on irc claimed that libvirt should be adding any
> specified usb devices to the whitelist, I can finally mark this
> Confirmed, in fact Triaged. The fix may turn out to be hard to
> implement, but is at least simple conceptually.
>
> ** Changed in: qemu-kvm (Ubuntu)
> Status: Confirmed => Triaged
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/787091
>
> Title:
> Unable to use USB device in KVM quest
>
> Status in “qemu-kvm” package in Ubuntu:
> Triaged
>
> Bug description:
> Binary package hint: qemu-kvm
>
> Ubuntu 10.04 Server:
>
> I have been trying for some considerable time to get a Windows XP
> guest to recognise a USB Canon printer. I have searched google
> endlessly and applied a number of changes to apparmor profiles. I am
> still not able to get the guest to recognise that there a USB device
> attached. I was originally getting repeated messages in kern.log as
> below but the apparmor changes did resolve these:
>
> May 22 08:01:51 vmserver kernel: [424696.858434] type=1503
> audit(1306047711.654:81239): operation="open" pid=19695 parent=1
> profile="libvirt-629433c8-3714-561b-8e91-4a8a9bb65b9f"
> requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0
> name="/sys/devices/pci0000:00/0000:00:05.0/0000:02:00.0/usb8/devnum"
>
> I am now left with messages in the VM log file as follows which I
> cannot find a solution for:
>
> char device redirected to /dev/pts/5
> usb_create: no bus specified, using "usb.0" for "usb-host"
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
>
>
> This is a fairly basic requirement and hopefully a solution already exists.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 10.04
> Package: kvm 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9.6
> ProcVersionSignature: Ubuntu 2.6.32-31.61-server 2.6.32.32+drm33.14
> Uname: Linux 2.6.32-31-server x86_64
> NonfreeKernelModules: fglrx
> Architecture: amd64
> Date: Mon May 23 17:33:39 2011
> InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
> KvmCmdLine:
> UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
> root 3604 1 25 188376 364400 1 15:55 ? 00:24:30 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 512 -smp 2,cores=2 -name Trixbox2.8 -uuid c19e7ccd-6a2d-35b0-5e0a-e9832434c517 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/Trixbox2.8.monitor,server,nowait -monitor chardev:monitor -boot c -d...

Hello,

I am experiencing the same problem -I think.
husb: open device 2.3
/dev/bus/usb/002/003: Operation not permitted
root@zentyal:/var/lib/zentyal/machines/wg# chmod 777 /dev/bus/usb/002/003

root@zentyal:/var/lib/zentyal/machines/wg# lsof /dev/bus/usb/001/002

Unfortunately, the fix does not work for me:

umount -a -t cgroup
error: Failed to create domain from /var/lib/zentyal/machines/wg/domain.xml
error: internal error Unable to find cgroup for wg

Please let me know, if this is a different issue/and/or I should open a new bug.

Regards,
Hendrik

Hendrik,
The issue I had was due to cgroup and unmounting it did fix the issue. There had also been discussion about Aparmor but I would raise an issue if I were you

Regards

Roy

Sent from my iPad

On 16 Feb 2012, at 21:30, Hendrik Friedel <email address hidden> wrote:

> Hello,
>
> I am experiencing the same problem -I think.
> husb: open device 2.3
> /dev/bus/usb/002/003: Operation not permitted
> root@zentyal:/var/lib/zentyal/machines/wg# chmod 777 /dev/bus/usb/002/003
>
> root@zentyal:/var/lib/zentyal/machines/wg# lsof /dev/bus/usb/001/002
>
>
> Unfortunately, the fix does not work for me:
>
> umount -a -t cgroup
> error: Failed to create domain from /var/lib/zentyal/machines/wg/domain.xml
> error: internal error Unable to find cgroup for wg
>
> Please let me know, if this is a different issue/and/or I should open a
> new bug.
>
> Regards,
> Hendrik
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/787091
>
> Title:
> Unable to use USB device in KVM quest
>
> Status in “qemu-kvm” package in Ubuntu:
> Triaged
>
> Bug description:
> Binary package hint: qemu-kvm
>
> Ubuntu 10.04 Server:
>
> I have been trying for some considerable time to get a Windows XP
> guest to recognise a USB Canon printer. I have searched google
> endlessly and applied a number of changes to apparmor profiles. I am
> still not able to get the guest to recognise that there a USB device
> attached. I was originally getting repeated messages in kern.log as
> below but the apparmor changes did resolve these:
>
> May 22 08:01:51 vmserver kernel: [424696.858434] type=1503
> audit(1306047711.654:81239): operation="open" pid=19695 parent=1
> profile="libvirt-629433c8-3714-561b-8e91-4a8a9bb65b9f"
> requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0
> name="/sys/devices/pci0000:00/0000:00:05.0/0000:02:00.0/usb8/devnum"
>
> I am now left with messages in the VM log file as follows which I
> cannot find a solution for:
>
> char device redirected to /dev/pts/5
> usb_create: no bus specified, using "usb.0" for "usb-host"
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
> /dev/bus/usb/001/004: Operation not permitted
> husb: open device 1.4
>
>
> This is a fairly basic requirement and hopefully a solution already exists.
>
> ProblemType: Bug
> DistroRelease: Ubuntu 10.04
> Package: kvm 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9.6
> ProcVersionSignature: Ubuntu 2.6.32-31.61-server 2.6.32.32+drm33.14
> Uname: Linux 2.6.32-31-server x86_64
> NonfreeKernelModules: fglrx
> Architecture: amd64
> Date: Mon May 23 17:33:39 2011
> InstallationMedia: Ubuntu-Server 10.04 LTS "Lucid Lynx" - Release amd64 (20100427)
> KvmCmdLine:
> UID PID PPID C SZ RSS PSR STIME TTY TIME CMD
> root 3604 1 25 188376 364400 1 15:55 ? 00:24:30 /usr/bin/kvm -S -M pc-0.12 -enable-kvm -m 512 -smp 2,cores=2 -name Trixbox2.8 -uuid c19e7ccd-6a2d-35b0-5e0a-e9832434c517 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/Trixbox2.8.monitor,server,nowait -monitor chardev:monitor -boot c -drive file=/va...

Thanks for your Reply, Roy.

Well, maybe unmounting the cgroup might help here aswell. But without the cgroup, I cannot even start the VM...

Greetings,
Hendrik

@Hendrik,

I suspect you left libvirt running while unmount the cgroup filesystems. Libvirt prepares and caches info about the mounted cgrousp when it starts up, and cannot handle changes.

Please try instead:

stop libvirt-bin
umount -a -t cgroup
start libvirt-bin

But actually, before you do that, coudl you tell me how the cgroups were mounted? Do you have the cgroup-bin or cgroup-lite package installed, or is it manually mounted with fstab? ('dpkg -l | grep cgroup' and 'cgroup cgroup /etc/fstab' should help)

@Hendrik,

note that if you can find the major:minor of the device you want to attach, you can grant the VM access manually. Assuming you just hot-plugged this usb drive, use 'dmesg' to find the device. If it's sdc, for instance, then do

ls -l /dev/sdc

and find:

brw-rw---- 1 root disk 8, 32 Feb 19 20:45 /dev/sdc

Now you can grant the VM called wg access by doing:

echo "b 8:32 rwm" > /sys/fs/cgroup/devices/libvirt/qemu/wg/devices.allow

Hello Serge,

thanks for the hint.
I was now successful.

The problems I had were:
a) The same Problem, Roy had
b) unmounting the cgroups led to the problem, that I could not start the VM anymore

Removing the cgroups form the fstab and rebooting though helped. I was then again able to boot the vma and the Problem a was solved, as explained in this bug.

Thanks and Regards,
Hendrik

there is a summary? short hint? a wiki?
On windows 7 image, without virtio, how does it could be used a usb stick? on ubuntu 12.10

@Daniele,

I'm not sure what you are wanting to do. I suspect your best bet will be to go to askubuntu.com with details.

I'm quite certain that this bug has been fixed for some time in libvirt, perhaps with http://www.redhat.com/archives/libvir-list/2010-November/msg00006.html. I'm marking this Fix released. If anyone can reproduce this in raring please do re-open with detailed reproduction steps.

Same or at least similar problem here.

VM runs is a clean Server ubuntu-12.04.2-server-amd64 with only ssh installed.

Host System is a Raring System also 64bit setup with virt-install
Apparmor is deinstalled so it won't disturb/distract
qemu.conf has two changes:
a) user= "+0", so that permission issues won't disturb the testcase.
b) cgroup_controllers = [ "cpu", "devices", "memory", "blkio", "cpuset", "cpuacct" ]

cgroup-lite is installled and mounts cgroups !

if i now use qemu monitor to passthrough a device by hostport like that(take sensible bus and port to reproduce):

add_device usb-host,hostbus=8,hostport=2

i see permission denied errors:
husb: open /dev/bus/usb/008/008: Operation not permitted
husb: open /dev/bus/usb/008/009: Operation not permitted

once i unmount all cgroup, everything works fine. the devices apear in the vm once they are pluged in.

i see the same thing happenning on other machinges with ubuntu-12.04.2 guest on ubuntu-12.04.2 host(fairly fresh install).
hth

@Kai,

The cgroup protections are implemented by libvirt without qemu's knowledge. By using the qemu monitor to attach the devices you are bypassing libvirt, so it has no chance to give the qemu process the needed permissions.

Please try using 'virsh attach-device' (see 'virsh help attach-device' for more information). If that fails, please do let us know.