** Summary changed: - AppArmor blocks hot-attaching of USB devices + AppArmor blocks hotplugging of USB devices
** Description changed: On Ubuntu 10.04 server, after applying the fixes to Libvirt's AppArmor - profiles as discussed in bug 545795 the hot-attachment of USB devices is - blocked/denied by AppArmor. Hot-attachment means: a KVM-based VM is - running and a USB devices connected to the underlying host is to be - attached/passed-through to the VM while it is running. This can be - accomplished by using virt-manager: + profiles as discussed in bug 545795 the hotplugging of USB devices is + blocked/denied by AppArmor. Hotplugging means: a KVM-based VM is running + and a USB devices connected to the underlying host is to be attached + /passed-through to the VM while it is running. This can be accomplished + by using virt-manager: 1. Open the "Details" window of the virtual machine in question 2. Klick Add Hardware 3. Select "Physical Host Device", Next 4. Select "USB device" and choose the device to be attached (in our case a USB card reader), Next 5. Finish The logfile for the machine in question immediately shows: usb_create: no bus specified, using "usb.0" for "usb-host" husb: open device 5.2 /dev/bus/usb/005/002: Permission denied husb: open device 5.2 /dev/bus/usb/005/002: Permission denied husb: open device 5.2 /dev/bus/usb/005/002: Permission denied husb: open device 5.2 /var/log/kern.log accordingly shows kernel: [79029.932635] type=1503 audit(1272985279.341:1009): operation="open" pid=23782 parent=1 profile="libvirt-959806d1-327a-cd14 -6b3f-ddeee8a19d0e" requested_mask="rw::" denied_mask="rw::" fsuid=0 ouid=0 name="/dev/bus/usb/005/002" This happens because AppArmor doesn't allow Libvirt access to /dev/bus/usb/**. Note that this works fine when the machine in question is shut down prior to attaching the USB device but that is exactly not the desired behaviour of hot-attaching devices. This can be fixed quite simply by allowing read-write access to /dev/bus/usb/**. I don't know if that needs to be added to the profile abstractions/libvirt-qemu or usr.lib.libvirt.virt-aa-helper. I believe it is the latter, but I am not sure. apparmor: 2.5-0ubuntu3 libvirt-bin: 0.7.5-5ubuntu27 Description: Ubuntu 10.04 LTS Release: 10.04 -- AppArmor blocks hotplugging of USB devices https://bugs.launchpad.net/bugs/578332 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
