Activity log for bug #579584

Date Who What changed Old value New value Message
2010-05-12 17:54:58 s450r1 bug added bug
2010-05-18 22:58:27 Mathias Gug libvirt (Ubuntu): importance Undecided Medium
2010-05-18 22:58:30 Mathias Gug libvirt (Ubuntu): status New Incomplete
2010-05-28 19:03:18 s450r1 attachment added qemu.conf http://launchpadlibrarian.net/49276652/qemu.conf
2010-06-10 18:07:46 Jamie Strandboge libvirt (Ubuntu): status Incomplete Triaged
2010-06-10 18:07:46 Jamie Strandboge libvirt (Ubuntu): assignee Jamie Strandboge (jdstrand)
2010-06-10 21:05:10 Launchpad Janitor libvirt (Ubuntu): status Triaged Fix Released
2010-06-10 21:16:29 Launchpad Janitor branch linked lp:ubuntu/libvirt
2010-07-03 10:24:50 jdobry nominated for series Ubuntu Lucid
2010-07-03 10:28:46 jdobry libvirt (Ubuntu): status Fix Released Confirmed
2010-07-04 14:28:28 Jamie Strandboge libvirt (Ubuntu): status Confirmed Fix Released
2010-07-16 16:50:42 C de-Avillez bug task added libvirt (Ubuntu Lucid)
2011-01-10 23:01:08 Hugh Saunders bug added subscriber Hugh Saunders
2014-04-14 12:31:30 Launchpad Janitor libvirt (Ubuntu Lucid): status New Confirmed
2014-04-14 19:49:50 Serge Hallyn description I couldn't boot any guest VMs with virsh until I modified /etc/apparmor.d/abstractions/libvirt-qemu: jad@kvmhost:~$ sudo bzr diff /etc/apparmor.d/ === modified file 'apparmor.d/abstractions/libvirt-qemu' --- apparmor.d/abstractions/libvirt-qemu 2010-04-30 15:33:20 +0000 +++ apparmor.d/abstractions/libvirt-qemu 2010-05-12 17:26:56 +0000 
@@ -8,6 +8,8 @@ capability dac_override, capability dac_read_search, capability chown, + capability setgid, + capability setuid, # this is needed with libcap-ng support, however it breaks a lot of things # atm, so just silence the denial until libcap-ng works right. LP: #522845 ... and restarted apparmor and libvirtd. Without `capability setgid`, the qemu guest log file contained: LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin QEMU_ AUDIO_DRV=none /usr/bin/kvm -S -M pc-0.11 -enable-kvm -m 512 -smp 1 -name dm1 -u uid 79d03a71-3be6-19df-1070-791239480888 -chardev socket,id=monitor,path=/var/li b/libvirt/qemu/dm1.monitor,server,nowait -monitor chardev:monitor -boot c -drive file=/var/vm/dm1/disk0.qcow2,if=ide,index=0,boot=on -drive file=/var/vm/dm1/disk1.qcow2,if=ide,index=1 -net nic,macaddr=52:54:00:bf:75:90,vlan=0,model=virtio,name=virtio.0 -net tap,fd=50,vlan=0,name=tap.0 -serial none -parallel none -usb -vnc 127.0.0.1:0 -vga cirrus libvir: QEMU error : cannot change to '109' group: Operation not permitted Without `capability setuid`, the qemu guest log file contained: LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin QEMU_AUDIO_DRV=none /usr/bin/kvm -S -M pc-0.11 -enable-kvm -m 512 -smp 1 -name dm1 -uuid 79d03a71-3be6-19df-1070-791239480888 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/dm1.monitor,server,nowait -monitor chardev:monitor -boot c -drive file=/var/vm/dm1/disk0.qcow2,if=ide,index=0,boot=on -drive file=/var/vm/dm1/disk1.qcow2,if=ide,index=1 -net nic,macaddr=52:54:00:bf:75:90,vlan=0,model=virtio,name=virtio.0 -net tap,fd=50,vlan=0,name=tap.0 -serial none -parallel none -usb -vnc 127.0.0.1:0 -vga cirrus libvir: QEMU error : cannot change to '104' user: Operation not permitted I don't really know if these changes were the right thing to do, but it did allow me to boot the VMs with virsh. 
jad@kvmhost:~$ lsb_release -rd Description: Ubuntu 10.04 LTS Release: 10.04 jad@kvmhost:~$ apt-cache policy libvirt-bin kvm qemu-kvm libvirt-bin: Installed: 0.7.5-5ubuntu27 Candidate: 0.7.5-5ubuntu27 Version table: *** 0.7.5-5ubuntu27 0 500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages 100 /var/lib/dpkg/status kvm: Installed: 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9 Candidate: 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9 Version table: *** 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9 0 500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages 100 /var/lib/dpkg/status qemu-kvm: Installed: 0.12.3+noroms-0ubuntu9 Candidate: 0.12.3+noroms-0ubuntu9 Version table: *** 0.12.3+noroms-0ubuntu9 0 500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages 100 /var/lib/dpkg/status IMPACT: libvir cannot setuid to run VMs as non-root REGRESSION POTENTIAL: there should be none, we are only allowing libvirt to setuid and setgid, not changing any code TEST CASE: I couldn't boot any guest VMs with virsh until I modified /etc/apparmor.d/abstractions/libvirt-qemu: jad@kvmhost:~$ sudo bzr diff /etc/apparmor.d/ === modified file 'apparmor.d/abstractions/libvirt-qemu' --- apparmor.d/abstractions/libvirt-qemu 2010-04-30 15:33:20 +0000 +++ apparmor.d/abstractions/libvirt-qemu 2010-05-12 17:26:56 +0000 
@@ -8,6 +8,8 @@    capability dac_override,    capability dac_read_search,    capability chown, + capability setgid, + capability setuid,    # this is needed with libcap-ng support, however it breaks a lot of things    # atm, so just silence the denial until libcap-ng works right. LP: #522845 ... and restarted apparmor and libvirtd. Without `capability setgid`, the qemu guest log file contained: LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin QEMU_ AUDIO_DRV=none /usr/bin/kvm -S -M pc-0.11 -enable-kvm -m 512 -smp 1 -name dm1 -u uid 79d03a71-3be6-19df-1070-791239480888 -chardev socket,id=monitor,path=/var/li b/libvirt/qemu/dm1.monitor,server,nowait -monitor chardev:monitor -boot c -drive  file=/var/vm/dm1/disk0.qcow2,if=ide,index=0,boot=on -drive file=/var/vm/dm1/disk1.qcow2,if=ide,index=1 -net nic,macaddr=52:54:00:bf:75:90,vlan=0,model=virtio,name=virtio.0 -net tap,fd=50,vlan=0,name=tap.0 -serial none -parallel none -usb -vnc 127.0.0.1:0 -vga cirrus libvir: QEMU error : cannot change to '109' group: Operation not permitted Without `capability setuid`, the qemu guest log file contained: LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/usr/bin:/usr/sbin:/sbin:/bin QEMU_AUDIO_DRV=none /usr/bin/kvm -S -M pc-0.11 -enable-kvm -m 512 -smp 1 -name dm1 -uuid 79d03a71-3be6-19df-1070-791239480888 -chardev socket,id=monitor,path=/var/lib/libvirt/qemu/dm1.monitor,server,nowait -monitor chardev:monitor -boot c -drive file=/var/vm/dm1/disk0.qcow2,if=ide,index=0,boot=on -drive file=/var/vm/dm1/disk1.qcow2,if=ide,index=1 -net nic,macaddr=52:54:00:bf:75:90,vlan=0,model=virtio,name=virtio.0 -net tap,fd=50,vlan=0,name=tap.0 -serial none -parallel none -usb -vnc 127.0.0.1:0 -vga cirrus libvir: QEMU error : cannot change to '104' user: Operation not permitted I don't really know if these changes were the right thing to do, but it did allow me to boot the VMs with virsh. 
jad@kvmhost:~$ lsb_release -rd Description: Ubuntu 10.04 LTS Release: 10.04 jad@kvmhost:~$ apt-cache policy libvirt-bin kvm qemu-kvm libvirt-bin:   Installed: 0.7.5-5ubuntu27   Candidate: 0.7.5-5ubuntu27   Version table:  *** 0.7.5-5ubuntu27 0         500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages         100 /var/lib/dpkg/status kvm:   Installed: 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9   Candidate: 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9   Version table:  *** 1:84+dfsg-0ubuntu16+0.12.3+noroms+0ubuntu9 0         500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages         100 /var/lib/dpkg/status qemu-kvm:   Installed: 0.12.3+noroms-0ubuntu9   Candidate: 0.12.3+noroms-0ubuntu9   Version table:  *** 0.12.3+noroms-0ubuntu9 0         500 http://us.archive.ubuntu.com/ubuntu/ lucid/main Packages         100 /var/lib/dpkg/status
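Review bot: The two added lines after `capability chown,` (`capability setgid,` and `capability setuid,`) have no comment explaining why they are needed, while the context lines directly below them document their rule and cite LP: #522845. Because the file is `apparmor.d/abstractions/libvirt-qemu`, the grant is not limited to the one guest in the report. Suggest a comment above the new lines saying they are required for the switch to the configured user and group that fails in the guest log ("cannot change to '109' group", "cannot change to '104' user"), with a reference to this bug (#579584). That lets a later reader judge whether the capabilities are still needed.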
2014-04-14 19:49:58 Serge Hallyn bug added subscriber Ubuntu Stable Release Updates Team
2014-04-14 20:59:40 Serge Hallyn libvirt (Ubuntu Lucid): status Confirmed Invalid