libvirtd apparmor profile disallows guestfwd commands

Bug #1757150 reported by agmt on 2018-03-20
This bug affects 1 person
Affects: libvirt (Ubuntu)
Importance: Undecided
Assigned to: Unassigned

Bug Description

Qemu netdev user config:
"
<qemu:commandline>
    <qemu:arg value='-device'/>
    <qemu:arg value='virtio-net-pci,netdev=net0'/>
    <qemu:arg value='-netdev'/>
    <qemu:arg value='user,id=net0,restrict=on,guestfwd=tcp:10.0.2.1:80-cmd:nc 127.0.0.1 80'/>
</qemu:commandline>
"

Guest:
"
user@virt:~$ telnet 10.0.2.1 80
Trying 10.0.2.1...
Connected to 10.0.2.1.
Escape character is '^]'.
Error: execvp of nc failed: Permission denied
Connection closed by foreign host.
"

Host syslog:
"
kernel: [ 3304.734625] audit: type=1400 audit(1521555265.758:307): apparmor="DENIED" operation="exec" profile="libvirt-a5cd32fb-9e91-4a13-8f48-6cd724b84a00" name="/bin/nc.openbsd" pid=8022 comm="qemu-system-x86" requested_mask="x" denied_mask="x" fsuid=64055 ouid=0
"

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: libvirt0 4.0.0-1ubuntu5
ProcVersionSignature: Ubuntu 4.15.0-12.13-generic 4.15.7
Uname: Linux 4.15.0-12-generic x86_64
ApportVersion: 2.20.8-0ubuntu10
Architecture: amd64
CurrentDesktop: XFCE
Date: Tue Mar 20 17:09:31 2018
EcryptfsInUse: Yes
InstallationDate: Installed on 2017-10-05 (166 days ago)
InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64 (20170801)
SourcePackage: libvirt
UpgradeStatus: No upgrade log present (probably fresh install)
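
The Python below is an added example, not part of the original report and not libvirt or AppArmor code: it parses AppArmor DENIED audit records like the host syslog line above and lists exec denials raised under a libvirt per-domain profile. The function names and every log line after the first are constructed for illustration.

```python
import re

# key=value or key="value" pairs, as they appear in kernel audit records
FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')
# libvirt names each per-domain profile "libvirt-<domain UUID>"
LIBVIRT_PROFILE = re.compile(r'^libvirt-([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$')
# fields the audit subsystem hex-encodes (unquoted) when they hold spaces or quotes
UNTRUSTED = {"name", "comm", "profile"}


def parse_denial(line):
    """Return the fields of an AppArmor DENIED record as a dict, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {}
    for key, raw, quoted in FIELD.findall(line):
        if raw.startswith('"'):
            fields[key] = quoted
        elif key in UNTRUSTED and re.fullmatch(r'(?:[0-9A-Fa-f]{2})+', raw):
            fields[key] = bytes.fromhex(raw).decode("utf-8", "replace")
        else:
            fields[key] = raw
    return fields


def libvirt_exec_denials(lines):
    """Pick out exec denials raised under a libvirt per-domain profile."""
    hits = []
    for line in lines:
        f = parse_denial(line)
        if not f or f.get("operation") != "exec":
            continue
        m = LIBVIRT_PROFILE.match(f.get("profile", ""))
        if m:
            hits.append({"domain_uuid": m.group(1), "binary": f.get("name"),
                         "comm": f.get("comm"), "fsuid": f.get("fsuid")})
    return hits


SAMPLE_LOG = [
    # the host syslog line from the report above
    'kernel: [ 3304.734625] audit: type=1400 audit(1521555265.758:307): apparmor="DENIED" operation="exec" profile="libvirt-a5cd32fb-9e91-4a13-8f48-6cd724b84a00" name="/bin/nc.openbsd" pid=8022 comm="qemu-system-x86" requested_mask="x" denied_mask="x" fsuid=64055 ouid=0',
    # constructed: a non-exec denial, an exec denial outside libvirt, a hex-encoded name
    'kernel: audit: type=1400 audit(0.0:1): apparmor="DENIED" operation="open" profile="libvirt-a5cd32fb-9e91-4a13-8f48-6cd724b84a00" name="/etc/example" pid=1 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    'kernel: audit: type=1400 audit(0.0:2): apparmor="DENIED" operation="exec" profile="example-profile" name="/bin/example" pid=2 comm="example" requested_mask="x" denied_mask="x" fsuid=0 ouid=0',
    'kernel: audit: type=1400 audit(0.0:3): apparmor="DENIED" operation="exec" profile="libvirt-00000000-0000-0000-0000-000000000000" name=2F62696E2F6D79206E63 pid=3 comm="qemu-system-x86" requested_mask="x" denied_mask="x" fsuid=0 ouid=0',
]

print(libvirt_exec_denials(SAMPLE_LOG))
```
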
