Now I hit an issue that I expected:
DEBUG: trying to load module:
/var/run/qemu/Debian_1_4.2-3ubuntu2~ppa4/block-curl.so
Failed to open module: /var/run/qemu/Debian_1_4.2-3ubuntu2~ppa4/block-curl.so:
cannot open shared object file: Permission denied
Which is due to apparmove:
[302376.960953] audit: type=1400 audit(1583238035.059:439): apparmor="DENIED"
operation="open" namespace="root//lxd-f_<var-snap-lxd-common-lxd>"
profile="libvirt-2bef989e-6d28-45c8-b101-3959de1db2b3"
name="/run/qemu/Debian_1_4.2-3ubuntu2~ppa4/block-curl.so" pid=6958
comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
I'm on the brink of letting that blocked by default and people would
=> less comfortable, but effectively making the change not even a bit less
secure until bigger deployments who care opt in (also this can be decided later
on).
Adding a libvirt task for it ...
** Also affects: libvirt (Ubuntu)
Importance: Undecided
Status: New
** Changed in: libvirt (Ubuntu)
Status: New => Triaged
** Changed in: libvirt (Ubuntu)
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1847361
Title:
Upgrade of qemu binaries causes running instances not able to
dynamically load modules
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1847361/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
