Activity log for bug #1962035

Date Who What changed Old value New value Message
2022-02-23 19:03:19 Katerina Koukiou bug added bug
2022-02-23 21:18:00 Martin Pitt bug watch added https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006324
2022-02-23 21:18:00 Martin Pitt bug task added apparmor (Debian)
2022-02-23 21:18:09 Martin Pitt bug added subscriber Martin Pitt
2022-02-23 21:45:50 Bug Watch Updater apparmor (Debian): status Unknown New
2022-02-25 12:55:45 Martin Pitt affects apparmor (Ubuntu) libvirt (Ubuntu)
2022-02-25 12:55:45 Martin Pitt libvirt (Ubuntu): status New Triaged
2022-02-25 12:55:45 Martin Pitt libvirt (Ubuntu): assignee Martin Pitt (pitti)
2022-02-25 13:59:37 Martin Pitt description

Old value:

    # lsb_release -rd
    Description: Ubuntu 21.10
    Release: 21.10

    Package: apparmor
    Version: 3.0.3-0ubuntu1

    Package: virtinst
    Version: 1:3.2.0-3

When trying to re-install an existing VM with uefi boot set up using the recently introduced `--reinstall` option apparmor makes the installation fail with the following error:

    Could not open '/var/lib/libvirt/qemu/nvram/test_VARS.fd': Permission denied

Steps to reproduce:

Create a VM:

    root@ubuntu:~# virt-install --connect qemu:///system --quiet --os-variant fedora28 --memory 1024 --name test --wait -1 --disk size=1,format=qcow2 --print-xml 1 > /tmp/test1.xml

Edit the VM configuration to enable automatic UEFI boot by changing the <os> like follows:

    - <os>
    + <os firmware='efi'>

Define the VM:

    root@ubuntu:~# virsh define /tmp/test1.xml

Start VM installation:

    root@ubuntu:~# virt-install --connect qemu:///system --reinstall test --wait -1 --noautoconsole --cdrom /var/lib/libvirt/novell.iso --autostart
    WARNING No operating system detected, VM performance may suffer. Specify an OS with --os-variant for optimal results.
    Starting install...
    ERROR internal error: process exited while connecting to monitor: 2022-02-23T18:56:54.738510Z qemu-system-x86_64: -blockdev {"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/test_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}: Could not open '/var/lib/libvirt/qemu/nvram/test_VARS.fd': Permission denied
    Domain installation does not appear to have been successful.
    If it was, you can restart your domain by running:
      virsh --connect qemu:///system start test
    otherwise, please restart your installation.

Expected behavior: VM installation will start without apparmor error.

Actual behavior: The above denial happens:

    Feb 23 18:56:54 ubuntu audit[4420]: AVC apparmor="DENIED" operation="open" profile="libvirt-bdd92fa6-6030-4980-951c-2a52ec7e406c" name="/var/lib/libvirt/qemu/nvram/test_VARS.fd" pid=4420 comm="qemu-system-x86" requested_mask="r" denied_m>

and stop the installation.

New value:

    # lsb_release -rd
    Description: Ubuntu 21.10
    Release: 21.10

    Package: apparmor
    Version: 3.0.3-0ubuntu1

    Package: virtinst
    Version: 1:3.2.0-3

When trying to re-install an existing VM with uefi boot set up using the recently introduced `--reinstall` option apparmor makes the installation fail with the following error:

    Could not open '/var/lib/libvirt/qemu/nvram/test_VARS.fd': Permission denied

Steps to reproduce:

Create a VM:

    root@ubuntu:~# virt-install --connect qemu:///system --quiet --os-variant fedora28 --memory 1024 --name test --wait -1 --disk size=1,format=qcow2 --print-xml 1 > /tmp/test1.xml

Edit the VM configuration to enable automatic UEFI boot by changing the <os> like follows:

    - <os>
    + <os firmware='efi'>

Define the VM:

    root@ubuntu:~# virsh define /tmp/test1.xml

Start VM installation:

    root@ubuntu:~# virt-install --connect qemu:///system --reinstall test --wait -1 --noautoconsole --cdrom /var/lib/libvirt/novell.iso --autostart
    WARNING No operating system detected, VM performance may suffer. Specify an OS with --os-variant for optimal results.
    Starting install...
    ERROR internal error: process exited while connecting to monitor: 2022-02-23T18:56:54.738510Z qemu-system-x86_64: -blockdev {"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/test_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}: Could not open '/var/lib/libvirt/qemu/nvram/test_VARS.fd': Permission denied
    Domain installation does not appear to have been successful.
    If it was, you can restart your domain by running:
      virsh --connect qemu:///system start test
    otherwise, please restart your installation.

Expected behavior: VM installation will start without apparmor error.

Actual behavior: The above denials happen:

    audit: type=1400 audit(1645796875.169:132): apparmor="DENIED" operation="open" profile="libvirt-68567d5b-c2c1-4256-9931-ce675df2f9b0" name="/var/lib/libvirt/qemu/nvram/test_VARS.fd" pid=4909 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=64055

same thing later on for "k" (locking)

    audit: type=1400 audit(1645796969.776:151): apparmor="DENIED" operation="file_lock" profile="libvirt-68567d5b-c2c1-4256-9931-ce675df2f9b0" name="/usr/share/OVMF/OVMF_CODE_4M.secboot.fd" pid=5125 comm="qemu-system-x86" requested_mask="k" denied_mask="k" fsuid=64055 ouid=0

and stop the installation.

2022-02-25 14:09:22 Martin Pitt bug task added libvirt
2022-02-25 14:22:41 Martin Pitt libvirt: status New In Progress
2022-02-25 14:22:41 Martin Pitt libvirt: assignee Martin Pitt (pitti)
2022-02-25 14:22:52 Martin Pitt affects apparmor (Debian) libvirt (Debian)
2022-02-25 22:06:51 Bug Watch Updater libvirt (Debian): status New Confirmed
2022-02-28 10:28:15 Christian Ehrhardt tags server-todo
2022-02-28 10:32:22 Christian Ehrhardt bug added subscriber Ubuntu Server
2022-03-07 14:04:29 Christian Ehrhardt libvirt (Ubuntu): importance Undecided High
2022-03-09 10:05:07 Martin Pitt libvirt: status In Progress Fix Released
2022-03-09 14:59:45 Martin Pitt libvirt (Ubuntu): status Triaged Fix Committed
2022-03-09 19:12:59 Launchpad Janitor libvirt (Ubuntu): status Fix Committed Fix Released
2022-03-16 15:54:31 Bug Watch Updater libvirt (Debian): status Confirmed Fix Released