Apparmor security unavailable

Bug #723361 reported by Alex Stark on 2011-02-22
This bug affects 1 person
Affects Status Importance Assigned to Milestone
libvirt (Ubuntu)
Jamie Strandboge

Bug Description

System: basic Lucid, with installation in accordance exactly with Ubuntu website instructions, etc, etc. Everything is basically default Lucid setup with up-to-date packages.

KVM, installed XP Pro successfully.

Runs well except for complete inability to make USB devices, etc, available.

Description: Ubuntu 10.04.2 LTS
Release: 10.04

  Installed: 0.12.3+noroms-0ubuntu9.4
  Candidate: 0.12.3+noroms-0ubuntu9.4
  Version table:
 *** 0.12.3+noroms-0ubuntu9.4 0
        500 lucid-updates/main Packages
        500 lucid-security/main Packages
        100 /var/lib/dpkg/status
     0.12.3+noroms-0ubuntu9 0
        500 lucid/main Packages
  Installed: 0.7.5-5ubuntu27.8
  Candidate: 0.7.5-5ubuntu27.8
  Version table:
 *** 0.7.5-5ubuntu27.8 0
        500 lucid-updates/main Packages
        100 /var/lib/dpkg/status
     0.7.5-5ubuntu27.7 0
        500 lucid-security/main Packages
     0.7.5-5ubuntu27 0
        500 lucid/main Packages
  Installed: 0.12.4-0ubuntu0.2
  Candidate: 0.12.4-0ubuntu0.2
  Version table:
 *** 0.12.4-0ubuntu0.2 0
        500 lucid-updates/universe Packages
        500 lucid-security/universe Packages
        100 /var/lib/dpkg/status
     0.12.3-0ubuntu1 0
        500 lucid/universe Packages
  Installed: 1.4-5ubuntu2
  Candidate: 1.4-5ubuntu2
  Version table:
 *** 1.4-5ubuntu2 0
        500 lucid/main Packages
        100 /var/lib/dpkg/status
  Installed: 0.8.2-2ubuntu8
  Candidate: 0.8.2-2ubuntu8
  Version table:
 *** 0.8.2-2ubuntu8 0
        500 lucid/main Packages
        100 /var/lib/dpkg/status

USB devices become available with very dangerous chown -R of /dev/devices/...usb

Dangerous edits, as per other filed bugs, to /etc/apparmor.d/abstractions/libvirt-qemu do not work.

In Virtual machine manager, and in virsh, security "model" is not enabled / available / listed. No security is listed in the domain XML file.

Changing /etc/apparamor/abstractions/libvirtd does not work.

Rebooting dozens of times does not work.

This is in many ways the opposite of bug #588369.

I am filing as a bug because all the utilities and their docs mention apparmor, but fail completely and _silently_ when this problem occurs, and there is not even howto assistance. For example, the virtual manager GUI leaves the security model under "overview" as unselectable, and leaves the user completely in the dark.

qemu.conf has the line:
  # security_driver = "selinux"

The only file in /etc/apparmor.d/libvirt is the TEMPLATE file. No UUID-suffixed files exist.

Jamie Strandboge (jdstrand) wrote :

Thank you for filing a bug and helping to make Ubuntu better. Can you perform:
$ sudo apport-collect 723361

This will collect various pieces of information from your system for debugging and attach them to this bug.

Changed in libvirt (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
status: New → Incomplete
Alex Stark (jalexstark) wrote :

Done! But I don't think it did anything.

A message was issued in the terminal:
    Package libvirt not installed and no hook available, ignoring
That may be because the "package" is "libvirt", but the "package" is "libvirt-bin".

Alex Stark (jalexstark) wrote :

What "various pieces of information" should I gather, if the automated tool cannot do it?

Serge Hallyn (serge-hallyn) wrote :

Information was provided as new bug 723361 (which I've marked as a dup of this).

Changed in libvirt (Ubuntu):
status: Incomplete → New
Jamie Strandboge (jdstrand) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. This particular bug has already been reported and is a duplicate of bug 545795, so it is being marked as such. Please look at the other bug report to see if there is any missing information that you can provide, or to see if there is a workaround for the bug. Additionally, any further discussion regarding the bug should occur in the other report. Please continue to report any other bugs you may find.

Changed in libvirt (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers