[Bug 1403648] [NEW] Apparmor denies qemu access to a number of important directories.

Dave Chiluk 1403648 at bugs.launchpad.net
Wed Dec 17 21:23:18 UTC 2014 

Public bug reported:

Apparmor denise libvirt access to a number of important directories.


syslog.4:Dec 12 17:18:08 nuc2 kernel: [54334.001494] type=1400 audit(1418404688.659:48): apparmor="DENIED" operation="open" profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660" name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0
syslog.4:Dec 12 17:18:09 nuc2 kernel: [54334.537222] type=1400 audit(1418404689.195:49): apparmor="DENIED" operation="open" profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660" name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0
syslog.4:Dec 12 17:18:09 nuc2 kernel: [54334.745412] type=1400 audit(1418404689.403:50): apparmor="DENIED" operation="open" profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660" name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0
syslog.4:Dec 12 17:18:09 nuc2 kernel: [54334.808978] type=1400 audit(1418404689.467:51): apparmor="DENIED" operation="open" profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660" name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0
syslog.4:Dec 12 17:18:09 nuc2 kernel: [54334.858862] type=1400 audit(1418404689.515:52): apparmor="DENIED" operation="open" profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660" name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0
syslog.4:Dec 12 17:18:09 nuc2 kernel: [54334.909608] type=1400 audit(1418404689.567:53): apparmor="DENIED" operation="open" profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660" name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0
syslog.4:Dec 12 17:18:09 nuc2 kernel: [54334.976979] type=1400 audit(1418404689.635:54): apparmor="DENIED" operation="open" profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660" name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0
syslog.4:Dec 12 18:25:25 nuc2 kernel: [58368.978163] type=1400 audit(1418408725.790:56): apparmor="DENIED" operation="open" profile="libvirt-c2f29087-8453-4441-a27d-716666fcd7a5" name="/var/lib/charm/ceph/ceph.conf" pid=19293 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0
syslog.4:Dec 12 18:25:25 nuc2 kernel: [58368.979670] type=1400 audit(1418408725.790:57): apparmor="DENIED" operation="open" profile="libvirt-c2f29087-8453-4441-a27d-716666fcd7a5" name="/tmp/" pid=19293 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0
syslog.4:Dec 12 18:25:25 nuc2 kernel: [58368.979680] type=1400 audit(1418408725.790:58): apparmor="DENIED" operation="open" profile="libvirt-c2f29087-8453-4441-a27d-716666fcd7a5" name="/var/tmp/" pid=19293 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0

In this case the machine was installed using juju and maas.  Specific
charms in play on this machine are ceph, and nova-compute.

I'm not sure if the juju charms need to be updated or if the libvirt
template needs to be updated or something else altogether.

It's important to not that without ceph apparmor still denies access to
/tmp and /var/tmp

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: libvirt-bin 1.2.2-0ubuntu13.1.7
ProcVersionSignature: User Name 3.13.0-35.62-generic 3.13.11.6
Uname: Linux 3.13.0-35-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
Date: Wed Dec 17 21:15:20 2014
KernLog:
 
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 XDG_RUNTIME_DIR=<set>
 LANG=en_US.UTF-8
 SHELL=/bin/bash
SourcePackage: libvirt
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.default.libvirt.bin: [modified]
modified.conffile..etc.libvirt.libvirtd.conf: [modified]
modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu.conf']
mtime.conffile..etc.default.libvirt.bin: 2014-12-12T02:21:56.792085
mtime.conffile..etc.libvirt.libvirtd.conf: 2014-12-12T02:21:49.403764

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: Incomplete

** Affects: ceph (Juju Charms Collection)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug trusty uec-images

** Also affects: ceph (Juju Charms Collection)
   Importance: Undecided
       Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/1403648

Title:
  Apparmor denies qemu access to a number of important directories.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1403648/+subscriptions

More information about the Ubuntu-server-bugs mailing list