Comment 10 for bug 1552241

RussianNeuroMancer (russianneuromancer) wrote :

Hello, Christian!

I tested this issue again today and found that half of my problem was the addition to /etc/apparmor.d/abstractions/libvirt-qemu that was overwritten by a package update. So I applied both workarounds once again:

Workaround 1: https://help.ubuntu.com/community/KVM/Managing#Adding_USB_Device_Pass-through
Workaround 2: from bug description.

However, this does not help:
error: Failed to start domain usbtesting
error: внутренняя ошибка: qemu unexpectedly closed the monitor: 2017-09-10T16:49:42.791870Z qemu-system-x86_64: -chardev pty,id=charserial0: char device redirected to /dev/pts/13 (label charserial0)
libusb: error [_get_usbfs_fd] libusb couldn't open USB device /dev/bus/usb/002/002: Permission denied
libusb: error [_get_usbfs_fd] libusb requires write access to USB device nodes.
2017-09-10T16:49:42.856467Z qemu-system-x86_64: -device usb-host,hostbus=2,hostaddr=2,id=hostdev0,bus=usb.0,port=4: failed to open host usb device 2:2

So it looks like in my case the real issue is bug 1686324.

1.
<hostdev mode='subsystem' type='usb' managed='yes'>
  <source>
    <vendor id='0x13fe'/>
    <product id='0x3e00'/>
  </source>
  <address type='usb' bus='0' port='4'/>
</hostdev>
2.
Bus 002 Device 002: ID 13fe:3e00 Kingston Technology Company Inc. Flash Drive
3.
[289497.500034] audit: type=1400 audit(1505062322.005:294): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-57e625bc-be94-4d72-a03f-954babffb79f" pid=18312 comm="apparmor_parser"
[289497.598622] audit: type=1400 audit(1505062322.103:295): apparmor="DENIED" operation="open" profile="libvirt-57e625bc-be94-4d72-a03f-954babffb79f" name="/dev/bus/usb/002/002" pid=18322 comm="qemu-system-x86" requested_mask="wr" denied_mask="wr" fsuid=102 ouid=102
4.
"/var/log/libvirt/**/usbtesting.log" w,
"/var/lib/libvirt/qemu/domain-usbtesting/monitor.sock" rw,
"/var/lib/libvirt/qemu/domain-34-usbtesting/*" rw,
"/var/lib/libvirt/qemu/channel/target/domain-34-usbtesting/*" rw,
"/var/run/libvirt/**/usbtesting.pid" rwk,
"/run/libvirt/**/usbtesting.pid" rwk,
"/var/run/libvirt/**/*.tunnelmigrate.dest.usbtesting" rw,
"/run/libvirt/**/*.tunnelmigrate.dest.usbtesting" rw,
"/var/lib/libvirt/images/usbtesting.img" rwk,
"/dev/bus/usb/000/000" rw,
/dev/vhost-net rw,
"/dev/net/tun" rw,

For now I get things working by adding
/dev/bus/usb/*/* rw,
after Workaround 2, but this is probably a very bad idea. What is the proper solution for this?
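
A diagnostic sketch, added here and not part of the original comment or of libvirt: it parses the AppArmor audit records quoted in item 3 and checks which file rules from item 4 cover the denied path, using a simplified subset of AppArmor globbing (`*` does not cross `/`, `**` does). The log lines and rules are copied from the comment (rule list shortened); the function names are hypothetical.

```python
import re

# Sample input: audit records (item 3) and a shortened rule list (item 4) from the comment.
AUDIT_LOG = '''\
[289497.500034] audit: type=1400 audit(1505062322.005:294): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-57e625bc-be94-4d72-a03f-954babffb79f" pid=18312 comm="apparmor_parser"
[289497.598622] audit: type=1400 audit(1505062322.103:295): apparmor="DENIED" operation="open" profile="libvirt-57e625bc-be94-4d72-a03f-954babffb79f" name="/dev/bus/usb/002/002" pid=18322 comm="qemu-system-x86" requested_mask="wr" denied_mask="wr" fsuid=102 ouid=102
'''
PROFILE_RULES = '''\
"/var/lib/libvirt/images/usbtesting.img" rwk,
"/dev/bus/usb/000/000" rw,
/dev/vhost-net rw,
"/dev/net/tun" rw,
'''

def parse_denials(log):
    """Yield (profile, path, denied permission set) for each DENIED record."""
    for line in log.splitlines():
        fields = dict(re.findall(r'(\w+)="([^"]*)"', line))
        if fields.get("apparmor") == "DENIED":
            yield fields["profile"], fields["name"], set(fields["denied_mask"])

def parse_rules(text):
    """Return [(path_glob, permission set)] for simple 'path perms,' file rules."""
    rules = []
    for line in text.splitlines():
        m = re.match(r'\s*"?([^"\s]+)"?\s+([a-z]+),\s*$', line)
        if m:
            rules.append((m.group(1), set(m.group(2))))
    return rules

def glob_to_regex(glob):
    """Simplified AppArmor globbing: '**' matches across '/', '*' stays in one component."""
    parts = re.split(r'(\*\*|\*)', glob)
    body = "".join({"**": ".*", "*": "[^/]*"}.get(p, re.escape(p)) for p in parts)
    return re.compile(body + r"\Z")

def covering_rules(path, mask, rules):
    """Globs whose permissions include every denied bit and whose pattern matches path."""
    return [g for g, perms in rules if mask <= perms and glob_to_regex(g).match(path)]

def report(log, rules_text):
    """One (path, denied_mask, covering globs) tuple per DENIED record."""
    rules = parse_rules(rules_text)
    return [(path, "".join(sorted(mask)), covering_rules(path, mask, rules))
            for _profile, path, mask in parse_denials(log)]

if __name__ == "__main__":
    for path, mask, globs in report(AUDIT_LOG, PROFILE_RULES):
        print(path, mask, "covered by", globs or "no rule in the profile")
```

With the rules from item 4 the denied node `/dev/bus/usb/002/002` is covered by nothing, because the only USB rule names `/dev/bus/usb/000/000`; with `/dev/bus/usb/*/* rw,` appended it is covered, and so is every other USB device node on the host.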