** Changed in: libvirt (Debian)
Status: New => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2079806
Title:
qemu-bridge-helper denied by apparmor on oracular
To manage notificat
This bug was fixed in the package libvirt - 10.6.0-1ubuntu2
---
libvirt (10.6.0-1ubuntu2) oracular; urgency=medium
* Apply upstream patch to allow access to
/usr/libexec/qemu/qemu-bridge-helper in apparmor profile (LP: #2079806)
- d/p/ubuntu-aa/allow-more-paths-for-qemu-brid
Debian QEMU has reverted the libexec move today:
https://salsa.debian.org/qemu-
team/qemu/-/commit/f265f4788f9fa2c276d2d19f82a80cc3dd5639f8
I intend to backport this into our QEMU next week. Initially I don't
see the need to revert the change introduced to fix this bug, but I'll
take a closer lo
OK, just a bit more context here.
I was able to start the VM after setting the suid bit on
/usr/libexec/qemu/qemu-bridge-helper. This is something users have been
expected to do for many years on Debian-like systems now, because we
conscientiously ship this helper *without* the suid bit set.
The
OK, I verified that this happens on Noble as well, so it's not related
to this specific bug. It's something that I want to fix, but should be
tracked in another bug.
FWIW, it happens when using a bridged network with qemu:///session.
I'll go ahead and sponsor the upload to fix this bug.
--
You
Hm, I'm using a non-conventional way to test things (running
libvirt+qemu inside an LXD container with some tweaks to make it
possible to use /dev/kvm and apparmor), so I found that I actually have
to reboot the container in order to make the changes be applied.
However, that still hasn't solved th
Hey,
Yeah, I'm using qemu:///session but I tried restarting the daemon, and
it still doesn't work for me. There's something else at play here, and
I'm still debugging to see what's going on.
It's interesting that you were able to start your VM only with your
patch applied but I can't.
--
You r
Hi Sergio,
After I changed the bridge_helper setting to "/usr/libexec/qemu/qemu-
bridge-helper", I had to restart libvirtd to get qemu.conf to be re-
read. I'm using qemu:///session so had to configure the bridge_helper in
$HOME/.config/libvirt/qemu.conf
I assume that if you're using qemu:///syst
Hi Olivier,
I'm trying to verify your proposed fix here, but unfortunately the first
deny doesn't go away even after setting bridge_helper, as you suggested:
[787295.652901] audit: type=1400 audit(1725654273.133:7222):
apparmor="DENIED" operation="file_mmap" class="file"
namespace="root//lxd-o-li
** Changed in: libvirt (Debian)
Status: Unknown => New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2079806
Title:
qemu-bridge-helper denied by apparmor on oracular
To manage notifications
** Merge proposal linked:
https://code.launchpad.net/~ogayot/ubuntu/+source/libvirt/+git/libvirt/+merge/472781
** Changed in: libvirt (Ubuntu)
Assignee: (unassigned) => Olivier Gayot (ogayot)
** Changed in: libvirt (Ubuntu)
Status: New => In Progress
--
You received this bug not
** Bug watch added: Debian Bug tracker #1077915
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077915
** Also affects: libvirt (Debian) via
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1077915
Importance: Unknown
Status: Unknown
--
You received this bug notification beca
There are two aspects to this. The following DENIED can be addressed by
changing the libvirt QEMU configuration:
[162559.444684] audit: type=1400 audit(1725612671.214:6873):
apparmor="DENIED" operation="file_mmap" class="file"
profile="libvirtd//qemu_bridge_helper" name="/usr/bin/dash" pid=699975
I believe we must update the following line in usr.sbin.libvirtd:
/usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
to
/usr/{lib,lib64,lib/qemu,libexec/qemu}/qemu-bridge-helper
$ dpkg -S qemu-bridge-helper
qemu-system-common: /usr/libexec/qemu/qemu-bridge-helper
qemu-system-comm
14 matches
Mail list logo
