apport information ** Attachment added: "ProcEnviron.txt" https://bugs.launchpad.net/bugs/1378434/+attachment/4227597/+files/ProcEnviron.txt
-- You received this bug notification because you are a member of Kernel Packages, which is subscribed to linux in Ubuntu. https://bugs.launchpad.net/bugs/1378434 Title: 14.04: libvirt-qemu/apparmor: missing permissions for 9p shares Status in “linux” package in Ubuntu: New Bug description: I have an asterisk server running in a KVM and give it access to the storage array of the host via 9p. /etc/apparmor.d/abstractions/libvirt-qemu was missing the permissions for capa fowner and capa fsetid which are necessary for full access to the shares and which I fixed myself. Now, additionally, it seems that the helper for the KVMs only sets r and w permissions for the 9p shares. For full access in this case, also the link permission is needed. Manually adding the l flag to /etc/apparmor.d/libvirt-qemu/<UUID>.files does NOT work. The permission structure seems to be hardcoded in the source of the helper. Typical log entry: Oct 7 19:04:14 nostromo kernel: [498751.395000] type=1400 audit(1412697854.669:203): apparmor="DENIED" operation="link" profile ="libvirt-d2719da3-1869-9cee-b02f-8d86458bbea2" name="/storage/asterisk/spool/voicemail/default/1102/Old/.lock" pid=7775 comm="pool" requested_mask="l" denied_mask="l" fsuid=0 ouid=0 target="/storage/asterisk/spool/voicemail/default/1102/Old/.lock- 0fc30204" Possible solutions: a) Add l permission to the source of the helper b) Un-hardcode the permissions set by the helper and make them configurable through an /etc/default config or similar. This would be a preferable solution. --- AlsaDevices: total 0 crw-rw---- 1 root audio 116, 1 Oct 2 00:29 seq crw-rw---- 1 root audio 116, 33 Oct 2 00:29 timer AplayDevices: Error: [Errno 2] No such file or directory ApportVersion: 2.14.1-0ubuntu3.4 Architecture: amd64 ArecordDevices: Error: [Errno 2] No such file or directory AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1: CRDA: Error: [Errno 2] No such file or directory DistroRelease: Ubuntu 14.04 HibernationDevice: RESUME=UUID=28b31865-bf30-4c40-a9a6-32d44abec88b InstallationDate: Installed on 2014-08-17 (50 days ago) InstallationMedia: Ubuntu-Server 14.04.1 LTS "Trusty Tahr" - Release amd64 (20140722.3) MachineType: ASUSTeK COMPUTER INC. P9D-V Series NonfreeKernelModules: zfs zunicode zavl zcommon znvpair Package: linux (not installed) PciMultimedia: ProcFB: 0 astdrmfb ProcKernelCmdLine: BOOT_IMAGE=/boot/vmlinuz-3.13.0-36-generic root=UUID=c61299e4-1f7f-4807-aff6-0a3b4028b88c ro ProcVersionSignature: Ubuntu 3.13.0-36.63-generic 3.13.11.6 RelatedPackageVersions: linux-restricted-modules-3.13.0-36-generic N/A linux-backports-modules-3.13.0-36-generic N/A linux-firmware 1.127.7 RfKill: Error: [Errno 2] No such file or directory Tags: trusty Uname: Linux 3.13.0-36-generic x86_64 UpgradeStatus: No upgrade log present (probably fresh install) UserGroups: _MarkForUpload: True dmi.bios.date: 11/13/2013 dmi.bios.vendor: American Megatrends Inc. dmi.bios.version: 0601 dmi.board.asset.tag: To be filled by O.E.M. dmi.board.name: P9D-V Series dmi.board.vendor: ASUSTeK COMPUTER INC. dmi.board.version: Rev 1.xx dmi.chassis.asset.tag: To Be Filled By O.E.M. dmi.chassis.type: 17 dmi.chassis.vendor: To Be Filled By O.E.M. dmi.chassis.version: To Be Filled By O.E.M. dmi.modalias: dmi:bvnAmericanMegatrendsInc.:bvr0601:bd11/13/2013:svnASUSTeKCOMPUTERINC.:pnP9D-VSeries:pvrRev1.xx:rvnASUSTeKCOMPUTERINC.:rnP9D-VSeries:rvrRev1.xx:cvnToBeFilledByO.E.M.:ct17:cvrToBeFilledByO.E.M.: dmi.product.name: P9D-V Series dmi.product.version: Rev 1.xx dmi.sys.vendor: ASUSTeK COMPUTER INC. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1378434/+subscriptions -- Mailing list: https://launchpad.net/~kernel-packages Post to : kernel-packages@lists.launchpad.net Unsubscribe : https://launchpad.net/~kernel-packages More help : https://help.launchpad.net/ListHelp
