Ubuntu
libvirt package

Apparmor denies qemu access to /tmp directory

Bug #1365261 reported by Takenori MATSUMOTO on 2014-09-04

This bug affects 5 people

Affects		Status	Importance	Assigned to	Milestone
	libvirt (Ubuntu)	Fix Released	Low	Unassigned

Bug Description

I find the following messages in syslog.

Sep 1 07:12:38 cn1 kernel: [510962.435074] type=1400 audit(1409523158.899:794): apparmor="DENIED" operation="open" profile="libvirt-62ecd5a8-9b3b-4320-92f0-e54ef8cdf851" name="/tmp/" pid=11254 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=109 ouid=0
Sep 1 07:12:38 cn1 kernel: [510962.435085] type=1400 audit(1409523158.899:795): apparmor="DENIED" operation="open" profile="libvirt-62ecd5a8-9b3b-4320-92f0-e54ef8cdf851" name="/var/tmp/" pid=11254 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=109 ouid=0

Is this OK to just ignore this messages? Or if this is bug, is there solution or workaround?

Seeing nova-compute.log, at the time, nova-compute just tried to create an instance.

2014-09-01 07:12:38.096 3245 INFO nova.virt.libvirt.driver [req-fd1d0575-0c7a-4977-a9bd-605824da7612 c771d7600a4445d98ef365311dab7b51 f468ee3dda1142c587cf44d31031eca9] [instance: 62ecd5a8-9b3b-4320-92f0-e54ef8cdf851] Creating image
2014-09-01 07:12:38.212 3245 INFO nova.virt.libvirt.firewall [req-fd1d0575-0c7a-4977-a9bd-605824da7612 c771d7600a4445d98ef365311dab7b51 f468ee3dda1142c587cf44d31031eca9] [instance: 62ecd5a8-9b3b-4320-92f0-e54ef8cdf851] Called setup_basic_filtering in nwfilter
2014-09-01 07:12:38.212 3245 INFO nova.virt.libvirt.firewall [req-fd1d0575-0c7a-4977-a9bd-605824da7612 c771d7600a4445d98ef365311dab7b51 f468ee3dda1142c587cf44d31031eca9] [instance: 62ecd5a8-9b3b-4320-92f0-e54ef8cdf851] Ensuring static filters
2014-09-01 07:12:39.093 3245 INFO nova.compute.manager [-] Lifecycle event 0 on VM 62ecd5a8-9b3b-4320-92f0-e54ef8cdf851
2014-09-01 07:12:39.163 3245 INFO nova.virt.libvirt.driver [-] [instance: 62ecd5a8-9b3b-4320-92f0-e54ef8cdf851] Instance spawned successfully.
2014-09-01 07:12:39.191 3245 INFO nova.compute.manager [-] [instance: 62ecd5a8-9b3b-4320-92f0-e54ef8cdf851] During sync_power_state the instance has a pending task (spawning). Skip.

A volume was attached to the instance after that, then the instance was destroyed.

2014-09-01 07:14:09.597 3245 AUDIT nova.compute.manager [req-7120818d-61a7-4f78-8a22-f186034f3da1 c771d7600a4445d98ef365311dab7b51 f468ee3dda1142c587cf44d31031eca9] [instance: 62ecd5a8-9b3b-4320-92f0-e54ef8cdf851] Attaching volume 4531347c-71fe-4571-985b-a4b9ae3ab70e to /dev/vdb

2014-09-01 07:20:11.584 3245 AUDIT nova.compute.manager [req-da17d4bd-1d23-4ead-888f-da5e66dde656 c771d7600a4445d98ef365311dab7b51 f468ee3dda1142c587cf44d31031eca9] [instance: 62ecd5a8-9b3b-4320-92f0-e54ef8cdf851] Detach volume 4531347c-71fe-4571-985b-a4b9ae3ab70e from mountpoint /dev/vdb

2014-09-01 07:21:14.313 3245 INFO nova.compute.manager [-] Lifecycle event 1 on VM 62ecd5a8-9b3b-4320-92f0-e54ef8cdf851
2014-09-01 07:21:14.317 3245 INFO nova.virt.libvirt.driver [-] [instance: 62ecd5a8-9b3b-4320-92f0-e54ef8cdf851] Instance destroyed successfully.

It seems this messages cause no problem. But I don't know whether this DENIED error from apparmor can be ignored.
In another running test, we saw the message with an error of accessing ceph file.

Aug 4 06:36:02 cn1 kernel: [1058887.801002] type=1400 audit(1407101762.890:2098): apparmor="DENIED" operation="open" profile="libvirt-53a1d479-2299-4069-a691-72f3f5ae7a6e" name="/tmp/" pid=8336 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=110 ouid=0
Aug 4 06:36:02 cn1 kernel: [1058887.801012] type=1400 audit(1407101762.890:2099): apparmor="DENIED" operation="open" profile="libvirt-53a1d479-2299-4069-a691-72f3f5ae7a6e" name="/var/tmp/" pid=8336 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=110 ouid=0
Aug 4 06:37:31 cn1 kernel: [1058976.654848] type=1400 audit(1407101851.714:2102): apparmor="DENIED" operation="open" profile="libvirt-53a1d479-2299-4069-a691-72f3f5ae7a6e" name="/etc/ceph/ceph.client.cinder.keyring" pid=8336 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=110 ouid=108

It could be possibility that ceph library linked to qemu-system-x86 tried to access forbidden files.

- Software versions
ii nova-common 1:2014.1.2-0ubuntu1.1 all OpenStack Compute - common files
ii nova-compute 1:2014.1.2-0ubuntu1.1 all OpenStack Compute - compute node base
ii nova-compute-kvm 1:2014.1.2-0ubuntu1.1 all OpenStack Compute - compute node (KVM)
ii nova-compute-libvirt 1:2014.1.2-0ubuntu1.1 all OpenStack Compute - compute node libvirt support

ii qemu-system-x86 2.0.0+dfsg-2ubuntu1.2 amd64 QEMU full system emulation binaries (x86)
ii ceph-common 0.80.1-0ubuntu1.1 amd64 common utilities to mount and interact with a ceph storage cluster

Tags:

CVE References

Chuck Short (zulcss) on 2014-11-28

affects:

nova (Ubuntu) → libvirt (Ubuntu)

Dave Chiluk (chiluk) on 2014-12-04

tags:

added: cts

Revision history for this message

Dave Chiluk (chiluk) wrote on 2014-12-17:

I accidentally opened a similar but slightly different bug to this one at
https://bugs.launchpad.net/charms/+source/ceph/+bug/1403648

These messages can be safely ignored, although we are pursuing a way to clean them up.

Revision history for this message

Serge Hallyn (serge-hallyn) wrote on 2014-12-19:

So should this be marked a dup of 1403648 or not? That is, will the proposed fix in that bug's comments also clean up this bug?

Marking low priority since "these messages can be safely ignored".

Changed in libvirt (Ubuntu):
importance:	Undecided → Low
status:	New → Confirmed

Revision history for this message

Dave Chiluk (chiluk) wrote on 2014-12-19:

@Takenori
These messages can be worked around by editing /etc/apparmor.d/abstractions/libvirt-qemu as such
__________________________________________________________
--- libvirt-qemu.orig 2014-12-19 20:13:31.162926539 +0000
+++ libvirt-qemu 2014-12-19 20:20:32.226276231 +0000
@@ -130,6 +130,7 @@

# for rbd
/etc/ceph/ceph.conf r,
+ /var/lib/charm/ceph/ceph.conf r,

   # for access to hugepages
   owner "/run/hugepages/kvm/libvirt/qemu/**" rw,
@@ -146,3 +147,8 @@
   # for ppc device-tree access
   @{PROC}/device-tree/ r,
   @{PROC}/device-tree/** r,
+
+ # deny qemu access to /tmp
+ deny /tmp/ r,
+ deny /var/tmp/ r,
+
----------------------------------------------------------------------------------

You are correct in assuming that qemu using librbd to talk to the ceph cluster which in turn invokes reads on /etc/ceph/ceph.conf. However I'm not sure why your specific setup is attempting to access your cinder keyring. If I understand correctly once the ceph.conf is read it should use the secret contained in the libvirt xml definition for the VM rather than the global keyrings. Can you please verify that your libvirt xml for related guests has a line like
<secret type='ceph' uuid='514c9fca-8cbe-11e2-9c52-3bc8c7819472'/>
albeit with a different uuid?

Also can you then check /etc/libvirt/secrets/<uuid.xml> and check where it's pointing?

Recent revisions of the charms have the secret file pointing at <name>client.nova-compute secret</name> on nova-compute nodes rather than the cinder key. Which really only should get used on the cinder node.

Additionally I was unable to reproduce the error similar to "Aug 4 06:37:31 cn1 kernel: [1058976.654848] type=1400 audit(1407101851.714:2102): apparmor="DENIED" operation="open" profile="libvirt-53a1d479-2299-4069-a691-72f3f5ae7a6e" name="/etc/ceph/ceph.client.cinder.keyring" pid=8336 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=110 ouid=108" .

Revision history for this message

Helio Loureiro (helioloureiro) wrote on 2017-02-03:

Issue back on Xenial, 16.04.

I commented the denials statements and included an extra "/tmp rw," to ensure it could access properly /tmp directory.

Revision history for this message

Nathan Rennie-Waldock (nathan-renniewaldock) wrote on 2017-06-01:

In normal use, this doesn't seem to be an issue. However, access to /tmp is required to enable qemu's samba server.

Revision history for this message

Paul Donohue (s-launchpad-paulsd-com) wrote on 2018-08-08:

To use qemu's samba server without allowing access to all of /tmp, you can add the following lines to /etc/apparmor.d/abstractions/libvirt-qemu somewhere above the deny rule:

owner /tmp/qemu-smb.*/ rw,
owner /tmp/qemu-smb.*/* rw,

It would be nice if this could be included in the official version of that file...

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2018-08-09:

FYI Broken the smb related discussion into new bug 1786159

Revision history for this message

Launchpad Janitor (janitor) wrote on 2018-08-18:

Download full text (15.5 KiB)

This bug was fixed in the package libvirt - 4.6.0-2ubuntu1

---------------
libvirt (4.6.0-2ubuntu1) cosmic; urgency=medium

This bug was fixed in the package libvirt - 4.6.0-2ubuntu1

---------------
libvirt (4.6.0-2ubuntu1) cosmic; urgency=medium

* Merged with Debian unstable (LP: #1786957).
    Among many other new features and fixes this includes fixes
    for (LP: #1754871), Remaining changes:
    - Disable libssh2 support (universe dependency)
    - Disable firewalld support (universe dependency)
    - Set qemu-group to kvm (for compat with older ubuntu)
    - Additional apport package-hook
    - Autostart default bridged network (As upstream does, but not Debian).
      In addition to just enabling it our solution provides:
      + do not autostart if subnet is already taken (e.g. in guests).
      + iterate some alternative subnets before giving up
    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
      the group based access to libvirt functions as it was used in Ubuntu
      for quite long.
      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
        due to the group access change.
      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
        group.
    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
    - d/p/ubuntu/enable-kvm-spice.patch: compat with older Ubuntu qemu/kvm
      which provided a separate kvm-spice.
    - Xen related
      - d/p/ubuntu/ubuntu-libxl-qemu-path.patch: this change was split. The
        section that adapts the path of the emulator to the Debian/Ubuntu
        packaging is kept.
      - d/p/ubuntu/ubuntu-libxl-Fix-up-VRAM-to-minimum-requirements.patch: auto
        set VRAM to minimum requirements
      - d/p/ubuntu/xen-default-uri.patch: set default URI on xen hosts
      - Add libxl log directory
      - libvirt-uri.sh: Automatically switch default libvirt URI for users on
        Xen dom0 via user profile (was missing on changelogs before)
    - d/p/ubuntu/apibuild-skip-libvirt-common.h: drop libvirt-common.h from
      included_files to avoid build failures due to duplicate definitions.
    - Update README.Debian with Ubuntu changes
    - Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
    - Enable some additional features on ppc64el and s390x (for arch parity)
      + systemtap, zfs, numa and numad on s390x.
      + systemtap on ppc64el.
    - d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
      vmlinuz available and accessible (Debian bug 848314)
    - d/t/control, d/t/smoke-lxc: fix up lxc smoke test isolation
    - Add dnsmasq configuration to work with system wide dnsmasq (drop >18.04,
      no more UCA onto Xenial then which has global dnsmasq by default).
    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
    - Further upstreamed apparmor Delta, especially any new one
      Our former delta is split into logical pieces and is either Ubuntu only
      or is part of a continuous upstreaming effort.
      Listing related remaining changes in debian/patches/ubuntu-aa/:
      + 0001-apparmor-Allow-pygrub-to-run-on-Debian-Ubuntu.patch: apparmor:
        Allow pygrub to run on Debian/Ubuntu
      + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
        apparmor, libvirt-qemu: Allow read access to overcommit_memory
      + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
      + 0017-apparmor-virt-aa-helper-Allow-access-to-tmp-director.patch:
        apparmor, virt-aa-helper: Allow access to tmp directories
      + ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch:
        apparmor, virt-aa-helper: Allow various storage pools and image
        locations
      + 0021-apparmor-virt-aa-helper-Add-openvswitch-support.patch:
        apparmor, virt-aa-helper: Add openvswitch support
      + 0025-apparmor-fix-newer-virt-manager-1.4.0.patch: Add Apparmor
        permissions so virt-manager 1.4.0 viewing works (LP 1668681 1747442).
        Can be dropped >=libvirt 4.7
      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
        libvirt-qemu: Add 9p support
      + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
        add l to 9p file options.
      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
        commands executed by ubuntu only kvm wrapper on ppc64el
        (LP 1686621 & LP 1680384).
      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
        apparmor, virt-aa-helper: access for snapped nova
      + 0040-apparmor-add-mediation-rules-for-unconfined.patch:
        apparmor: add mediation rules for unconfined guests
        Can be dropped >=libvirt 4.7
    - d/rules: enable build time self tests on all architectures
    - run dnsmasq as libvirt-dnsmasq (LP: 1743718)
      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group on
        purge
      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmas config with user
        libvirt-dnsmasq and adapt the self tests to expect that config
      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users
    - debian/rules: disable the netcf backend. (LP: 1764314)
    - debian/control: drop libnetcf from Build-Depends.
    - ddebian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
      Secure Boot enabled variants of the OVMF firmware and variable store for
      the paths where we ship these files in Ubuntu.
    - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
  * Added Changes
    - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
      updated to take care of no more silencing and thereby hiding denials
      (LP 1719579 is an example)
    - 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
      updated to also allow the optionally placed ceph asok file (LP: #1779674)
    - 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: prepare
      profile for usrmerge (LP: #1784023)
    - Finalize the libvirt-bin -> libvirt-* transition in the apport
      package-hook.
    - d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch,
      d/libvirt-daemon-system.postinst: provide a local apparmor include
      for abstraction/libvirt-qemu (LP: #1786019)
    - d/p/ubuntu-aa/0051-allow-user-tmp.patch: some features need tmp, but we
      don't want blanket access. We only allow enumerating the base dir and
      reading owned files. Further features needing /tmp have to add local
      overrides, examples are qemu-smb and some modes of local snapshots.
      (LP: #1365261) Can be dropped >=libvirt 4.7
    - d/p/ubuntu-aa/0052-allow-to-preserve-dev-mountpoints.patch: Allow to
      preserve /dev mountpoints in qemu namespaces (LP: #1786168)
      Can be dropped >=libvirt 4.7
    - avoid service dependency issues on upgrade (LP: #1786179)
      This will in the long term be resolved in dh_* tools, but to let an
      upgrade work for now we need to drop the sysV scripts (which we don't
      use anyway) and slightly modify the systemd service to work with todays
      dh_systemd_start properly. Can be dropped once Debian bug 905772 is
      resolved in dh_* tools and libvirt uses those new code.
      - d/libvirt-daemon-system.virtlogd.init: removed sysV init file
      - d/libvirt-daemon-system.libvirtd.init: removed sysV init file
      - debian/libvirt-daemon-system.maintscript: rm_conffile for virtlogd
        and lbivirtd sysV init file
      - d/p/ubuntu/avoid-restarting-virtlog-socket.patch: drop Also references
        to virtlogd/virtlockd sockets as they would imply a restart of
        virtlogd breaking it.
      - d/t/smoke-lxc: use systemd instead of sysV to restart the service
  * Dropped Changes (upstream)
    - d/p/ubuntu/virt-aa-helper-Set-the-supported-features.patch: allow parsing
      of memory slots and other extended features without breaking
      virt-aa-helper (LP: 1746431).
    - d/p/stable/0001-Revert-qemu-monitor-do-not-report-error-on-shutdown.patch
    - d/p/stable/0002-nodedev-Fix-failing-to-parse-PCI-address-for-non-PCI.patch
    - d/p/stable/0003-qemu-assign-correct-type-of-PCI-address-for-vhost-sc.patch
    - d/p/stable/0004-qemu-Refresh-caps-cache-after-booting-a-different-ke.patch
    - d/p/stable/0005-qemu-auto-add-generic-xhci-rather-than-NEC-xhci-to-Q.patch
    - d/p/stable/0006-libvirtd-Explicit-dependency-on-systemd-machined.patch
    - d/p/stable/0007-rpc-fix-race-sending-and-encoding-sasl-data.patch
    - d/p/stable/0008-vhost-user-add-support-reconnect-for-vhost-user-port.patch
    - d/p/stable/0009-qemu-Fix-memory-leak-in-processGuestPanicEvent.patch
    - d/p/stable/0010-storage-util-Properly-ignore-errors-when-backing-vol.patch
    - d/p/stable/0011-conf-Use-correct-attribute-name-in-error-message.patch
    - d/p/stable/0012-util-json-Add-helper-to-return-string-or-number-prop.patch
    - d/p/stable/0013-util-storage-Parse-lun-for-iSCSI-protocol-from-JSON-.patch
    - d/p/stable/0014-virsh-Offer-only-persistent-domains-for-autostart.patch
    - d/p/stable/0015-blockjob-Fix-a-error-checking-of-blockjob-status-in-.patch
    - d/p/stable/0016-qemu-Expose-rx-tx_queue_size-in-qemu.conf-too.patch
    - d/p/stable/0017-qemu-migration-Refresh-device-information-after-tran.patch
    - d/p/stable/0018-qemuDomainRemoveMemoryDevice-unlink-memory-backing-f.patch
    - d/p/stable/0019-vbox-fix-SEGV-during-dumpxml-of-a-serial-port.patch
    - d/p/stable/0020-qemu-Initialize-priv-in-qemuDomainCoreDumpWithFormat.patch
    - d/p/stable/0021-fix-regex-to-check-CN-from-server-certificate.patch
    - d/p/stable/0022-storage-Fix-formatting-and-parsing-of-qemu-type-Unix.patch
    - d/p/stable/0023-util-storage-Remove-detected-authentication-data-for.patch
    - d/p/stable/0024-qemu-blockcopy-Add-check-for-bandwidth.patch
    - d/p/stable/0025-conf-move-generated-member-from-virMacAddr-to-virDom.patch
    - d/p/stable/0026-lxc-Drop-useless-check-in-live-device-update.patch
    - d/p/stable/0027-Pass-oldDev-to-virDomainDefCompatibleDevice-on-devic.patch
    - d/p/stable/0028-qemu-Fix-updating-device-with-boot-order.patch
    - d/p/stable/0030-daemon-fix-rpc-event-leak-on-error-path-in-remoteDis.patch
    - d/p/stable/0029-lxc-fix-rpc-event-leak-on-error-path-in-virLXCContro.patch
    - d/p/stable/0031-qemu-fix-memory-leak-of-vporttype-during-migration.patch
    - d/p/stable/0032-virsh-fixing-segfault-by-pool-autocompleter-function.patch
    - d/p/stable/0033-qemu-Fix-comparison-assignment-in-qemuDomainUpdateDe.patch
    - d/p/stable/0034-qemu-Fix-memory-leak-in-qemuConnectGetAllDomainStats.patch
    - d/p/stable/0035-libvirtd-fix-potential-deadlock-when-reloading.patch
    - d/p/stable/0036-qemu-Use-correct-bus-type-for-input-devices.patch
    - d/p/stable/0037-qemu-hostdev-Fix-the-error-on-VM-start-with-an-mdev-.patch
    - d/p/stable/0038-conf-Fix-crash-in-virDomainDefCompatibleDevice.patch
    - d/p/ubuntu/lp1688508-tools-avoid-text-spilling-into-variables.patch:
      avoid hanging on shutdown (LP: 1688508)
    - d/p/ubuntu-aa/0041-apparmor-add-ro-rule-for-sasl-GSSAPI-
      plugin-on-etc-g.patch fix issues if sasl is configured (LP: 1696471)
    - d/p/ubuntu-aa/0042-virt-aa-helper-resolve-yet-to-be-created-paths.patch
      ensure symlinks are resolved to get valid rules if interim parts of a path
      are a symlink (LP: 1752361)
    - d/p/ubuntu/lp1688508-tools-fix-variable-scope-in-in-check_guests_shutdown:
      avoid issues shutting down more guests than configured for parallel
      shutdown (LP: 1688508)
    - d/p/ubuntu-aa/lp1756394-virt-aa-helper-resolve-file-symlinks.patch: fix
      using devices that are symlinks (LP: 1756394)
    - Fix nvdimm memory and passthrough input devices for hotplug via
      domain security callbacks backporting upstream commits (LP: 1755153).
      + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-InputLabel.patch
      + d/p/ubuntu-aa/lp1755153-apparmor-add-Set-Restore-MemoryLabel.patch
    - Fix nvdimm memory and passthrough input devices in initial guest
      description via virt-aa-helper (LP: 1757085).
      + d/p/ubuntu-aa/lp1757085-virt-aa-helper-nvdimm-memory.patch
      + d/p/ubuntu-aa/lp1757085-virt-aa-helper-passthrough-input.patch
    - Fix clean shut down of guests on system shutdown (LP: 1764668)
      + d/p/ubuntu/lp-1764668-do-not-report-unknown-guests.patch
      + d/p/ubuntu/lp-1764668-fix-check_guests_shutdown-loop.patch
    - SECURITY UPDATE: QEMU monitor DoS
      + debian/patches/CVE-2018-1064.patch: add size limit to
        src/qemu/qemu_agent.c.
      + CVE-2018-1064
    - SECURITY UPDATE: Speculative Store Bypass
      + debian/patches/CVE-2018-3639-1.patch: define the 'ssbd' CPUID feature
        bit in src/cpu/cpu_map.xml.
      + debian/patches/CVE-2018-3639-2.patch: define the 'virt-ssbd' CPUID
        feature bit in src/cpu/cpu_map.xml.
      + CVE-2018-3639
    - d/p/ubuntu-aa/lp1775777-vfio-usage-without-initial-hostdev.patch: fix
      hotplug use cases where the initial guest had no hostdev at all and
      therefore vrit-aa-helper did not allow /dev/vfio/vfio (LP: 1775777)
    - debian/patches/ubuntu/lp-1758037-nwfilter-increase-pcap-buffer-size.patch:
      Fix nwfilters that set CTRL_IP_LEARNING set to dhcp failing with "An error
      occurred, but the cause is unknown" due to a buffer being too small
      for pcap with TPACKET_V3 enabled (LP: 1758037)
    - SECURITY UPDATE: code injection via libnss_dns.so
      + debian/patches/CVE-2018-6764-1.patch: determine the hostname on
        startup in src/util/virlog.c.
      + debian/patches/CVE-2018-6764-2.patch: fix syntax-check in
        src/util/virlog.c.
      + debian/patches/CVE-2018-6764-3.patch: fix deadlock obtaining hostname
        in cfg.mk, src/util/virlog.c.
      + CVE-2018-6764
  * Dropped Changes (no upgrade path left that needs those)
    - Backwards compatible handling of group rename (can be dropped >18.04).
    - Modifications to adapt for our delayed switch away from libvirt-bin (can
      be dropped >18.04).
      + d/p/ubuntu/libvirtd-service-add-bin-alias.patch: systemd: define alias
        to old service name so that old references work
      + d/p/ubuntu/libvirtd-init-add-bin-alias.patch: sysv init: define alias
        to old service name so that old references work
      + d/control: transitional package with the old name and maintainer
        scripts to handle the transition
    - fix conffile upgrade handling to avoid obsolete files
      and inactive duplicates (LP 1694159)
    - conffile handling of files dropped in 3.5 (can be dropped >18.04)
      + /etc/init.d/virtlockd was sysv init only
      + /etc/apparmor.d/local/usr.sbin.libvirtd and
        /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper are now generated
        by dh_apparmor as needed
    - d/libvirt-daemon-system.maintscript: remove the now dropped conffile
      /etc/cron.daily/libvirt-daemon-system
  * Dropped Changes (cleanups)
    - d/test/smoke-lxc workaround for debbug 848317/867379 (systemd has fixed
      one issue and the other is solved in libvirt by ensuring to move to the
      right cgroups.)
    - remove no more used libvirt-dnsmasq user (this was redundant since
      4.0.0-1ubuntu5 reintroduced a libvirt-dnsmasq user)
    - Disable selinux (now in main)

-- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Sat, 18 Aug 2018 14:40:58 +0200

Changed in libvirt (Ubuntu):
status:	Confirmed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulibvirt package

Apparmor denies qemu access to /tmp directory

Bug Description

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
libvirt package