[Pkg-libvirt-maintainers] Bug#786652: fails to include TEMPLATE.kvm, preventing creation of domains with KVM under apparmor

Fri Jun 12 12:05:09 UTC 2015

On Sun, May 24, 2015 at 09:56:50AM +0200, Guido Günther wrote:
> Hi,
> 
> Thanks for the report
> 
> On Sun, May 24, 2015 at 01:00:52AM +0000, Luke Faraone wrote:
> > Package: libvirt-daemon-system
> > Version: 1.2.9-9
> > Severity: normal
> > File: /etc/apparmor.d/libvirt/TEMPLATE.qemu
> > 
> > May 24 00:07:47 aqua libvirtd[1130]: internal error: Child process
> > (/usr/lib/libvirt/virt-aa-helper -p 0 -c -u libvirt-a8588abe-9d3b-4772-a95e-
> > 0e312decc03a) unexpected exit status 1: virt-aa-helper.real: error: template
> > does not exist
> > 
> > This can be resolved by copying /etc/apparmor.d/libvirt/TEMPALTE.qemu to
> > /etc/apparmor.d/libvirt/TEMPALTE.kvm
> 
> Could you check if the attached patch fixes your problem as well?

Could you please check if the packages at:

    http://honk.sigxcpu.org/projects/libvirt/snapshots/

make these copies superfluous. You should be able to remove the
TEMPLATE.kvm with these installed. Feedback would be appreciated so we
could squeeze this into a point release.
Cheers,
 -- Guido

> Cheers,
>  -- Guido

> >From 16d2bc8b98563f801f111795250515fcbd39ab46 Mon Sep 17 00:00:00 2001
> Message-Id: <16d2bc8b98563f801f111795250515fcbd39ab46.1432454102.git.agx at sigxcpu.org>
> From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat at suse.com>
> Date: Tue, 28 Oct 2014 14:42:34 -0600
> Subject: [PATCH] Teach virt-aa-helper to use TEMPLATE.qemu if the domain is
>  kvm or kqemu
> To: libvir-list at redhat.com
> Status: RO
> Content-Length: 1123
> Lines: 37
> 
> ---
>  src/security/virt-aa-helper.c | 12 +++++++++++-
>  1 file changed, 11 insertions(+), 1 deletion(-)
> 
> diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
> index 9afc8db..1f299a0 100644
> --- a/src/security/virt-aa-helper.c
> +++ b/src/security/virt-aa-helper.c
> @@ -341,15 +341,25 @@ create_profile(const char *profile, const char *profile_name,
>      int tlen, plen;
>      int fd;
>      int rc = -1;
> +    const char *driver_name = NULL;
>  
>      if (virFileExists(profile)) {
>          vah_error(NULL, 0, _("profile exists"));
>          goto end;
>      }
>  
> +    switch (virtType) {
> +    case VIR_DOMAIN_VIRT_QEMU:
> +    case VIR_DOMAIN_VIRT_KQEMU:
> +    case VIR_DOMAIN_VIRT_KVM:
> +        driver_name = "qemu";
> +        break;
> +    default:
> +        driver_name = virDomainVirtTypeToString(virtType);
> +    }
>  
>      if (virAsprintfQuiet(&template, "%s/TEMPLATE.%s", APPARMOR_DIR "/libvirt",
> -                         virDomainVirtTypeToString(virtType)) < 0) {
> +                         driver_name) < 0) {
>          vah_error(NULL, 0, _("template name exceeds maximum length"));
>          goto end;
>      }
> -- 
> 2.1.4
> 