Comment 0 for bug 1913421

Christian Ehrhardt  (paelzer) wrote :

This is a continuation of bug 1847361.

Since that is in Ubuntu and Debian, we are:
- correctly saving the modules to those paths in /var/run/qemu
- qemu tries to load from that path as a fallback
- that works fine in containers running qemu/kvm

But there is an issue on non-container systems as /run usually is like this:

  tmpfs on /run type tmpfs (rw,nosuid,nodev,noexec,relatime,size=3274920k,mode=755)

The important bit here is the "noexec" which is intentional (for security reasons), but prevents the loading of shared objects from that path.

The path is good for many reasons (it is auto-cleaned, upstream and Distros agreed to this one path, ...). Moving it to other places also quite likely might have unpredictable options.

In a discussion between Victor (thanks for all the pushing and input on this) and Marc (security POV) we have come to a solution that will make just the subpath that is owned by qemu not have noexec set.

This bug shall track preparing this fix for Debian / Ubuntu and the latter SRU considerations on the same.
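As an added example (not from the bug report or the qemu packaging), a small POSIX sh check for the condition described above: whether the mount that covers a given module path carries noexec. The mounts table is constructed; the /run/qemu line is a hypothetical exec-capable submount of the kind the comment proposes, and the mount command in the comment is one assumed way to create it.

```shell
#!/bin/sh
# Constructed /proc/mounts-style table: the noexec /run from the report, the
# root filesystem, and a hypothetical tmpfs on /run/qemu mounted without noexec
# (e.g. "mount -t tmpfs -o rw,nosuid,nodev,mode=755 tmpfs /run/qemu").
MOUNTS_TABLE='tmpfs /run tmpfs rw,nosuid,nodev,noexec,relatime,size=3274920k,mode=755 0 0
/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run/qemu tmpfs rw,nosuid,nodev,relatime,mode=755 0 0'

# Print the mount options of the longest mount point that covers path $1.
# Fields in /proc/mounts: device mountpoint fstype options dump pass.
mount_opts_for_path() {
    printf '%s\n' "$MOUNTS_TABLE" | awk -v p="$1" '
        {
            mp = $2
            # "/" covers everything; otherwise p must equal mp or start with mp"/"
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                if (length(mp) > best_len) { best_len = length(mp); best_opts = $4 }
            }
        }
        END { print best_opts }'
}

# Exit 0 when the mount covering $1 is noexec (dlopen() of a .so there will
# fail with EACCES), 1 otherwise.
is_noexec() {
    opts=$(mount_opts_for_path "$1")
    case ",$opts," in
        *,noexec,*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Usage: compare a module under plain /run with one under the exec submount.
for p in /run/block-curl.so /run/qemu/block-curl.so; do
    if is_noexec "$p"; then
        echo "$p: covering mount is noexec, module loading would fail"
    else
        echo "$p: covering mount permits exec"
    fi
done
```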