diff -Nru libvirt-5.0.0/debian/changelog libvirt-5.0.0/debian/changelog
--- libvirt-5.0.0/debian/changelog 2021-02-26 11:57:36.000000000 +0200
+++ libvirt-5.0.0/debian/changelog 2021-11-19 14:30:04.000000000 +0200
@@ -1,3 +1,10 @@
+libvirt (5.0.0-1ubuntu2.6~cloud2.2) bionic-stein; urgency=medium
+
+ * d/p/u/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch:
+ avoid issues due to corrupted apparmor profiles (LP: #1927519)
+
+ -- Ioanna Alifieraki Fri, 19 Nov 2021 14:30:04 +0200
+
 libvirt (5.0.0-1ubuntu2.6~cloud2.1) bionic-stein; urgency=medium
 
 * d/p/lp1915811-*: Fix NUMA topology population for machines with high number
diff -Nru libvirt-5.0.0/debian/patches/series libvirt-5.0.0/debian/patches/series
--- libvirt-5.0.0/debian/patches/series 2021-02-26 11:57:36.000000000 +0200
+++ libvirt-5.0.0/debian/patches/series 2021-11-19 14:25:30.000000000 +0200
@@ -69,3 +69,4 @@
 ubuntu-aa/lp-1847361-load-versioned-module.patch
 ubuntu/lp1915811-01-virnuma-Don-t-work-around-numa_node_to_cpus.patch
 ubuntu/lp1915811-02-virnuma-Use-numa_nodes_ptr-when-checking-av.patch
+ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch
diff -Nru libvirt-5.0.0/debian/patches/ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch libvirt-5.0.0/debian/patches/ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch
--- libvirt-5.0.0/debian/patches/ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch 1970-01-01 02:00:00.000000000 +0200
+++ libvirt-5.0.0/debian/patches/ubuntu/lp-1927519-virt-aa-helper-Purge-profile-if-corrupted.patch 2021-11-19 14:29:50.000000000 +0200
@@ -0,0 +1,71 @@
+From 4ab33415db31d0e77015bb852cab4a08dd0efd40 Mon Sep 17 00:00:00 2001
+From: Ioanna Alifieraki
+Origin: Upstream, https://gitlab.com/libvirt/libvirt/-/commit/4ab33415db31d0e77015bb852cab4a08dd0efd40
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1927519
+Date: Tue, 2 Nov 2021 16:04:45 +0200
+Subject: [PATCH] virt-aa-helper: Purge profile if corrupted
+MIME-Version: 1.0
+Content-Type: text/plain; charset=UTF-8
+Content-Transfer-Encoding: 8bit
+
+This commit aims to address the bug reported in [1] and [2].
+If the profile is corrupted (0-size) the VM cannot be launched.
+To overcome this, check if the profile exists and if it has 0 size
+remove it.
+
+[1] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890084
+[2] https://bugs.launchpad.net/bugs/1927519
+
+Signed-off-by: Ioanna Alifieraki
+Reviewed-by: Christian Ehrhardt
+Reviewed-by: Ján Tomko
+
+Origin: upstream, https://libvirt.org/git/?p=libvirt.git;a=commit;h=4ab33415db
+Bug-Ubuntu: https://bugs.launchpad.net/bugs/1927519
+---
+ src/security/virt-aa-helper.c | 20 +++++++++++++++++++-
+ 1 file changed, 19 insertions(+), 1 deletion(-)
+
+--- a/src/security/virt-aa-helper.c
++++ b/src/security/virt-aa-helper.c
+@@ -1415,6 +1415,8 @@ main(int argc, char **argv)
+ int rc = -1;
+ char *profile = NULL;
+ char *include_file = NULL;
++ off_t size;
++ bool purged = 0;
+
+ if (virGettextInitialize() < 0 ||
+ virThreadInitialize() < 0 ||
+@@ -1469,6 +1471,22 @@ main(int argc, char **argv)
+ if (ctl->cmd == 'c' && virFileExists(profile))
+ vah_error(ctl, 1, _("profile exists"));
+
++ /*
++ * Rare cases can leave corrupted empty files behind breaking
++ * the guest. An empty file is never correct as virt-aa-helper
++ * would at least add the basic rules, therefore clean this up
++ * for a proper refresh.
++ */
++ if (virFileExists(profile)) {
++ size = virFileLength(profile, -1);
++ if (size == 0) {
++ vah_warning(_("Profile of 0 size detected, will attempt to remove it"));
++ if ((rc = parserRemove(ctl->uuid) != 0))
++ vah_error(ctl, 1, _("could not remove profile"));
++ unlink(profile);
++ purged = true;
++ }
++ }
+ if (ctl->append && ctl->newfile) {
+ if (vah_add_file(&buf, ctl->newfile, "rwk") != 0)
+ goto cleanup;
+@@ -1517,7 +1535,7 @@ main(int argc, char **argv)
+
+
+ /* create the profile from TEMPLATE */
+- if (ctl->cmd == 'c') {
++ if (ctl->cmd == 'c' || purged) {
+ char *tmp = NULL;
+ if (virAsprintfQuiet(&tmp, " #include \n",
+ ctl->uuid) == -1) {
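Review bot: In the zero-size check added to main(), `if ((rc = parserRemove(ctl->uuid) != 0))` has its parentheses misplaced: `!=` binds tighter than `=`, so rc receives the comparison result (0 or 1), and a successful removal overwrites the `rc = -1` default with 0. If any later `goto cleanup` path relies on that default (the rest of main() lies outside this hunk), the helper would exit with success after a failure, and the caller could treat the guest as confined when no profile was actually loaded. rc is not needed at this point, so `if (parserRemove(ctl->uuid) != 0)` is the safer form. The return value of `unlink(profile)` is also ignored while `purged = true` is set unconditionally; a failed unlink should be reported instead of falling through to the create path. Finally, `bool purged = 0;` would read better as `bool purged = false;`.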