Bug #591769 “apparmor denies virt-aa-helper access to ecryptfs f...” : Bugs : libvirt package : Ubuntu

Jamie Strandboge (jdstrand) on 2010-06-09

Changed in libvirt (Ubuntu):
assignee:	nobody → Jamie Strandboge (jdstrand)
importance:	Undecided → Medium
status:	New → Triaged
Changed in libvirt (Ubuntu Lucid):
status:	New → Triaged
importance:	Undecided → Medium
assignee:	nobody → Jamie Strandboge (jdstrand)
milestone:	none → lucid-updates

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2010-06-09:

#1

Reducing to low. The files are still allowed access by the VM, so the apparmor denied message is more confusing than anything else.

Changed in libvirt (Ubuntu Lucid):
importance:	Medium → Low
Changed in libvirt (Ubuntu Maverick):
importance:	Medium → Low

Jamie Strandboge (jdstrand) on 2010-06-15

Changed in libvirt (Ubuntu Maverick):
status:	Triaged → In Progress

Jamie Strandboge (jdstrand) on 2010-06-16

Changed in libvirt (Ubuntu Maverick):
milestone:	none → maverick-alpha-2

Revision history for this message

Launchpad Janitor (janitor) wrote on 2010-06-16:

#2

Download full text (8.5 KiB)

This bug was fixed in the package libvirt - 0.8.1-2ubuntu1

---------------
libvirt (0.8.1-2ubuntu1) maverick; urgency=low

  * Merge from debian unstable. Remaining changes:
    - Fixes:
      LP: #522845
      LP: #553737
      LP: #520386
    - debian/control:
      + Build-Depends on qemu-kvm, not qemu
      + Build-Depends on open-iscsi-utils, not open-iscsi
      + Build-Depends on libxml2-utils
      + Build-Depends on libapparmor-dev and Suggests apparmor
      + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
        to Depends of libvirt-bin
      + Drop qemu-kvm and qemu to Suggests
      + We call libxen-dev libxen3-dev, so change all references
      + Rename Vcs-* to XS-Debian-Vcs-*
    - debian/libvirt-bin.postinst:
      + rename the libvirt group to libvirtd
      + add each admin user to the libvirtd group
      + reload apparmor profiles
    - debian/libvirt-bin.postrm:
      + rename the libvirt group to libvirtd
      + remove apparmor symlinks on purge
    - debian/README.Debian: add AppArmor section based on the upstream
      documentation
    - debian/rules:
      + update DEB_DH_INSTALLINIT_ARGS for upstart
      + add DEB_MAKE_CHECK_TARGET := check
      + use --with-apparmor
      + copy apparmor and apport hook to debian/tmp
    - add debian/libvirt-bin.upstart
    - debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions,
      /etc/apparmor.d/disable, /etc/apparmor.d/force-complain,
      /etc/apparmor.d/libvirt, /etc/cron.daily and
      /usr/share/apport/package-hooks
    - add debian/libvirt-bin.cron.daily
    - add debian/libvirt-bin.apport
    - debian/libvirt-bin.install: install apparmor profiles, abstractions
      and apport hook
    - debian/apparmor:
      - add TEMPLATE
      - add libvirt-qemu abstraction
      - add usr.lib.libvirt.virt-aa-helper
      - add usr.sbin.libvirtd
    - debian/patches/series:
      + don't apply 0002-qemu-disable-network.diff.patch
      + don't apply 0005-Terminate-nc-on-EOF.patch. Use
        9010-autodetect-nc-params.patch instead
      + 9000-delayed_iff_up_bridge.patch (refreshed)
      + 9001-dont_clobber_existing_bridges.patch
      + 9002-better_default_uri_virsh.patch (updated)
      + 9004-better-default-arch.patch
      + 9005-libvirtd-group-name.patch
      + 9006-increase-unix-socket-timeout.patch (refreshed)
      + 9007-default-config-test-case.patch (updated)
      + 9008-fix-daemon-conf-ftbfs.patch (rewritten)
      + 9009-run-as-root-by-default.patch (refreshed)
      + 9010-autodetect-nc-params.patch (refreshed, formerly 9015)
      + 9011-dont-disable-ipv6.patch (updated)
  * Dropped following packaging changes, no longer required with upgrades
    from Lucid:
    - debian/control:
      + versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg
      + remove Build-Depends on libcap-ng-dev
    - debian/libvirt-bin.postinst: virt-aa-helper profile migration to
      /usr/lib/libvirt
    - debian/libvirt-bin.preinst: added to force complain on certain
      upgrades
  * Dropped the following patches, included upstream:
    - 0010-Use-base-16-for-product-vendor.patch
    - 9003-increase-logoutput-timeout.patch
    - 9010-apparmor-ftbfs...

This bug was fixed in the package libvirt - 0.8.1-2ubuntu1

---------------
libvirt (0.8.1-2ubuntu1) maverick; urgency=low

* Merge from debian unstable. Remaining changes:
    - Fixes:
      LP: #522845
      LP: #553737
      LP: #520386
    - debian/control:
      + Build-Depends on qemu-kvm, not qemu
      + Build-Depends on open-iscsi-utils, not open-iscsi
      + Build-Depends on libxml2-utils
      + Build-Depends on libapparmor-dev and Suggests apparmor
      + Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
        to Depends of libvirt-bin
      + Drop qemu-kvm and qemu to Suggests
      + We call libxen-dev libxen3-dev, so change all references
      + Rename Vcs-* to XS-Debian-Vcs-*
    - debian/libvirt-bin.postinst:
      + rename the libvirt group to libvirtd
      + add each admin user to the libvirtd group
      + reload apparmor profiles
    - debian/libvirt-bin.postrm:
      + rename the libvirt group to libvirtd
      + remove apparmor symlinks on purge
    - debian/README.Debian: add AppArmor section based on the upstream
      documentation
    - debian/rules:
      + update DEB_DH_INSTALLINIT_ARGS for upstart
      + add DEB_MAKE_CHECK_TARGET := check
      + use --with-apparmor
      + copy apparmor and apport hook to debian/tmp
    - add debian/libvirt-bin.upstart
    - debian/libvirt-bin.dirs: add /etc/apparmor.d/abstractions,
      /etc/apparmor.d/disable, /etc/apparmor.d/force-complain,
      /etc/apparmor.d/libvirt, /etc/cron.daily and
      /usr/share/apport/package-hooks
    - add debian/libvirt-bin.cron.daily
    - add debian/libvirt-bin.apport
    - debian/libvirt-bin.install: install apparmor profiles, abstractions
      and apport hook
    - debian/apparmor:
      - add TEMPLATE
      - add libvirt-qemu abstraction
      - add usr.lib.libvirt.virt-aa-helper
      - add usr.sbin.libvirtd
    - debian/patches/series:
      + don't apply 0002-qemu-disable-network.diff.patch
      + don't apply 0005-Terminate-nc-on-EOF.patch. Use
        9010-autodetect-nc-params.patch instead
      + 9000-delayed_iff_up_bridge.patch (refreshed)
      + 9001-dont_clobber_existing_bridges.patch
      + 9002-better_default_uri_virsh.patch (updated)
      + 9004-better-default-arch.patch
      + 9005-libvirtd-group-name.patch
      + 9006-increase-unix-socket-timeout.patch (refreshed)
      + 9007-default-config-test-case.patch (updated)
      + 9008-fix-daemon-conf-ftbfs.patch (rewritten)
      + 9009-run-as-root-by-default.patch (refreshed)
      + 9010-autodetect-nc-params.patch (refreshed, formerly 9015)
      + 9011-dont-disable-ipv6.patch (updated)
  * Dropped following packaging changes, no longer required with upgrades
    from Lucid:
    - debian/control:
      + versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg
      + remove Build-Depends on libcap-ng-dev
    - debian/libvirt-bin.postinst: virt-aa-helper profile migration to
      /usr/lib/libvirt
    - debian/libvirt-bin.preinst: added to force complain on certain
      upgrades
  * Dropped the following patches, included upstream:
    - 0010-Use-base-16-for-product-vendor.patch
    - 9003-increase-logoutput-timeout.patch
    - 9010-apparmor-ftbfs.patch
    - 9011-node_device_driver.patch
    - 9012-dont-crash-on-restart.patch
    - 9013-apparmor-dont-clear-caps.patch
    - 9014-apparmor-remove-unloaded-profile-is-not-fatal.patch
    - 9016-disk-cache-setting-xml.patch
    - 9018-fix-pty-console.patch
    - 9019-apparmor-fix-xauth.patch
    - 9020-apparmor-fix-backingstore.patch
    - 9021-apparmor-fix-hostdev.patch
    - 9022-dont-leak-log-fd.path.patch
    - 9023-virt-pki-validate_fixes.patch
    - 9024-free-memory-for-invalid-devices.patch (use
      0008-Fix-leaks-in-udev-device-add-remove.patch from Debian)
  * debian/apparmor/usr.lib.libvirt.virt-aa-helper: allow access to ecryptfs
    files (LP: #591769)
  * debian/patches/9012-fix-nodeinfotest-ftbfs.patch: fix FTBFS in
    nodeinfotest. Drop in 0.8.2.
  * debian/patches/9013-apparmor-lp457716.patch: properly support/save and
    restore (LP: #457716). Drop in 0.8.2.
  * debian/apparmor/libvirt-qemu: remove workaround for LP: #457716
  * don't create and run ebtables script in /tmp:
    - debian/apparmor/usr.sbin.libvirt: allow ixr to /var/lib/libvirt/virtd*
      for new ebtables functionality added in 0.8.0
    - debian/patches/9014-move-ebtables-script.patch: update
      nwfilter_ebiptables_driver.c /var/lib/libvirt to use /var/lib/libvirt
      instead of /tmp

libvirt (0.8.1-2) unstable; urgency=low

* [41aea79] Drop patchsys-quilt since this package is 3.0 (quilt) now.
    (Closes: #577919)
  * [978e3c9] libvirt-bin.init: export PATH. (Closes: #584333)
  * [e4f0869] virt-xml-validate needs xmllint from libxml2-utils.
    (Closes: #584869)
  * [bba6d72] New patch 0008-Fix-leaks-in-udev-device-add-remove.patch:
    Fix leaks in udev device add/remove. (Closes: #582965) - thanks to
    Nigel Jones for forwarding this

libvirt (0.8.1-1) unstable; urgency=low

* [647cbd6] Imported Upstream version 0.8.1
        * fixes spurious syslog messages (Closes: #565275)
        * sysfs USB class parsing (Closes: #579208)
        * virsh honors $VISUAL (Closes: #574415)
  * [fecd1b9] Update libvirt symbols to 0.8.1
  * [3e58e0b] Drop patches merged upstream:
        * 0007-nwfilter-Don-t-crash-if-driverState-NULL.patch
        * 0008-Ignore-empty-type-statement-in-disk-element.patch
  * [561ab2e] New patch:
        * 0007-patch-qemuMonitorTextGetMigrationStatus-to-intercept.patch:
          make qemuMonitorTextGetMigrationStatus to intercept unknown
          command 'info migrate' (Closes: #574272) - thanks to Andreas Bießmann
  * [aeda8ea] Enanble macvtap support

libvirt (0.8.0-2) unstable; urgency=low

* [70fbcb6] New patch 0007-nwfilter-Don-t-crash-if-driverState- NULL.patch
    nwfilter: Don't crash if driverState == NULL (Closes: #577728)
  * [d7d1abd] New patch 0008-Ignore-empty-type-statement-in-disk-
    element.patch Ignore empty type statement in disk element
    (Closes: #578347)

libvirt (0.8.0-1) unstable; urgency=low

* Imported Upstream version 0.8.0
  * Drop patches.
  * Update libvirt0 symbols.
  * Switch to new source format 3.0 (quilt).

libvirt (0.7.7-4) unstable; urgency=low

[ Guido Günther ]
  * [cf4919c] Recommend either qemu-kvm or qemu

[ Laurent Léonard ]
  * [1b12f02] Change libparted1.8-dev build dependency to libparted0- dev.
    (Closes: #574906)

libvirt (0.7.7-3) unstable; urgency=low

* The "fix all those crashes" release
  * [f74e13a] Explicitly disable hal (Closes: #574177)
  * [21ef92b] New patch 0009-security-Set-permissions-for-kernel- initrd.patch
    security: Set permissions for kernel/initrd (Closes: #574241) - thanks to
    Cole Robinson
  * [b69d3cc] Revert "Enable NUMA support" since it breaks the python
    bindings.
  * [5f2ca4a] New patch 0010-Don-t-crash-without-a-security-driver.patch Don't
    crash without a security driver (Closes: #574359)

libvirt (0.7.7-2) unstable; urgency=low

[ Guido Günther ]
  * [b350683] Enable parallel build
  * [b2a6aab] Enable NUMA support
  * [13274cf] New patch 0007-Work-around-broken-linux-socket.h.patch
    Work around broken linux/socket.h

[ Laurent Léonard ]
  * [3c12caf] qemu: Fix USB by product with security enabled.

libvirt (0.7.7-1) unstable; urgency=low

* [f944460] Imported Upstream version 0.7.7
  * [bd457cc] Redo patches.
  * [098d1d3] Update libvirt0 symbols.

libvirt (0.7.6-2) unstable; urgency=low

* [72790fc] Drop hal dependency We're using udev for device enumeration.
  * [ce225c4][11cc6e9] New patch
    0006-Don-t-drop-caps-when-exec-ing-qemu.patch: Don't drop caps when
    exec'ing qemu. Instead of disabling libcap-ng better exclude this one exec
    so we get the additional security for the rest of the calls. Makes
    interface type="network" work again. (Closes: #565767)

libvirt (0.7.6-1) unstable; urgency=low

* [0229557] Imported Upstream version 0.7.6
  * [6fdc00b] Drop patches.
  * [1b0670b] Update libvirt0 symbols.

libvirt (0.7.5-6) unstable; urgency=low

[ Laurent Léonard ]
  * [a3b98c9] Don't free an uninitalized pointer in update_driver_name()
    (Closes: #565983) - thanks to Matthias Bolte
  * [719976d] Handle only official releases in debian/watch.
  * [83902d9] Bump Standards-Version to 3.8.4.

[ Guido Günther ]
  * [959640d] New patch 0011-Fix-parsing-of-info-chardev-line-
    endings.patch Fix parsing of 'info chardev' line endings (Closes:
    #567818) - thanks to Matthew Booth

[ Laurent Léonard ]
  * [0b2a9dd] Add $remote_fs to Required-Start and Required-Stop in
    libvirt-bin init script.
 -- Jamie Strandboge <jamie@ubuntu.com>   Wed, 16 Jun 2010 14:22:39 -0500

Changed in libvirt (Ubuntu Maverick):
status:	In Progress → Fix Released

Jamie Strandboge (jdstrand) on 2010-08-12

Changed in libvirt (Ubuntu Lucid):
assignee:	Jamie Strandboge (jdstrand) → nobody

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2011-05-26:

#3

Marking "Won't Fix" for the Lucid task. The problem is cosmetic and this bug is not really suitable for an SRU. Please feel free to reopen if you would like to pursue an SRU by following https://wiki.ubuntu.com/StableReleaseUpdates.

Changed in libvirt (Ubuntu Lucid):
status:	Triaged → Won't Fix

Ubuntu
libvirt package

apparmor denies virt-aa-helper access to ecryptfs files

Bug Description

Related branches

Other bug subscribers

Remote bug watches

	Status	Importance	Assigned to	Milestone
libvirt (Ubuntu)	Fix Released	Low	Jamie Strandboge	Ubuntu maverick-alpha-2
Lucid	Won't Fix	Low	Unassigned	Ubuntu lucid-updates
Maverick	Fix Released	Low	Jamie Strandboge	Ubuntu maverick-alpha-2

Ubuntulibvirt package

apparmor denies virt-aa-helper access to ecryptfs files

Bug Description

Related branches

Other bug subscribers

Remote bug watches

Ubuntu
libvirt package