libvirtd apparmor profile disallows guestfwd commands

Bug #1757150 reported by agmt
This bug affects 1 person
Affects: libvirt (Ubuntu)
Status: New
Importance: Undecided
Assigned to: Unassigned
Milestone: (none)

Bug Description

Qemu netdev user config:
"
<qemu:commandline>
    <qemu:arg value='-device'/>
    <qemu:arg value='virtio-net-pci,netdev=net0'/>
    <qemu:arg value='-netdev'/>
    <qemu:arg value='user,id=net0,restrict=on,guestfwd=tcp:10.0.2.1:80-cmd:nc 127.0.0.1 80'/>
</qemu:commandline>
"

Guest:
"
user@virt:~$ telnet 10.0.2.1 80
Trying 10.0.2.1...
Connected to 10.0.2.1.
Escape character is '^]'.
Error: execvp of nc failed: Permission denied
Connection closed by foreign host.
"

Host syslog: kernel: [ 3304.734625] audit: type=1400 audit(1521555265.758:307): apparmor="DENIED" operation="exec" profile="libvirt-a5cd32fb-9e91-4a13-8f48-6cd724b84a00" name="/bin/nc.openbsd" pid=8022 comm="qemu-system-x86" requested_mask="x" denied_mask="x" fsuid=64055 ouid=0

ProblemType: Bug
DistroRelease: Ubuntu 18.04
Package: libvirt0 4.0.0-1ubuntu5
ProcVersionSignature: Ubuntu 4.15.0-12.13-generic 4.15.7
Uname: Linux 4.15.0-12-generic x86_64
ApportVersion: 2.20.8-0ubuntu10
Architecture: amd64
CurrentDesktop: XFCE
Date: Tue Mar 20 17:09:31 2018
EcryptfsInUse: Yes
InstallationDate: Installed on 2017-10-05 (166 days ago)
InstallationMedia: Ubuntu 16.04.3 LTS "Xenial Xerus" - Release amd64 (20170801)
SourcePackage: libvirt
UpgradeStatus: No upgrade log present (probably fresh install)
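
Added example (not part of the original report, and not libvirt or QEMU code): a small triage script that parses the audit record above and ties the denied exec back to the guestfwd helper in the -netdev argument. The function names and the "nc" to "nc.openbsd" name-prefix match are assumptions made for illustration.

```python
import os
import re
import shlex

# Inputs copied from the report above.
AUDIT_LINE = (
    'kernel: [ 3304.734625] audit: type=1400 audit(1521555265.758:307): '
    'apparmor="DENIED" operation="exec" '
    'profile="libvirt-a5cd32fb-9e91-4a13-8f48-6cd724b84a00" '
    'name="/bin/nc.openbsd" pid=8022 comm="qemu-system-x86" '
    'requested_mask="x" denied_mask="x" fsuid=64055 ouid=0')
NETDEV_ARG = 'user,id=net0,restrict=on,guestfwd=tcp:10.0.2.1:80-cmd:nc 127.0.0.1 80'

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
VM_PROFILE = re.compile(r'^libvirt-([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$')

def parse_audit(line):
    """Return the key=value fields of one audit record (quotes stripped)."""
    return {m[1]: m[2] if m[2] is not None else m[3] for m in KV.finditer(line)}

def guestfwd_commands(netdev_arg):
    """Return (guest_endpoint, argv) for every guestfwd=...-cmd: option."""
    found = []
    # QEMU separates options with ',' and escapes a literal comma as ',,'.
    for opt in re.split(r'(?<!,),(?!,)', netdev_arg):
        opt = opt.replace(',,', ',')
        if opt.startswith('guestfwd=') and '-cmd:' in opt:
            endpoint, _, cmd = opt[len('guestfwd='):].partition('-cmd:')
            found.append((endpoint, shlex.split(cmd)))
    return found

def triage(audit_line, netdev_arg):
    """Link an AppArmor exec denial in a per-VM profile to a guestfwd helper."""
    rec = parse_audit(audit_line)
    prof = VM_PROFILE.match(rec.get('profile', ''))
    if rec.get('apparmor') != 'DENIED' or rec.get('operation') != 'exec' or not prof:
        return None  # not an exec denial from a libvirt per-domain profile
    denied = os.path.basename(rec.get('name', ''))
    for endpoint, argv in guestfwd_commands(netdev_arg):
        helper = os.path.basename(argv[0]) if argv else ''
        # Heuristic (assumption): "nc" may resolve to a variant such as "nc.openbsd".
        if helper and (denied == helper or denied.startswith(helper + '.')):
            return {'vm_uuid': prof[1], 'denied_path': rec['name'],
                    'by': rec.get('comm'), 'guest_endpoint': endpoint, 'argv': argv}
    return {'vm_uuid': prof[1], 'denied_path': rec.get('name'),
            'by': rec.get('comm'), 'guest_endpoint': None, 'argv': None}

if __name__ == '__main__':
    print(triage(AUDIT_LINE, NETDEV_ARG))
```

A result with guest_endpoint set means the per-domain profile blocked QEMU from spawning the configured guestfwd helper; a result with guest_endpoint of None is an exec denial that no guestfwd command in the domain configuration explains.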
