Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

apparmor denies loading modules on 14.04.5+ #2

Open
dejonghb opened this issue Aug 17, 2016 · 5 comments
Open

apparmor denies loading modules on 14.04.5+ #2

dejonghb opened this issue Aug 17, 2016 · 5 comments
Assignees
@dejonghb
Labels
state_question

Comments

@dejonghb
Copy link
Member

dejonghb commented Aug 17, 2016
edited by wimpers
Loading

On an fresh installed ubuntu LTS 14.04 (results in 14.04.5 now) loading of the .so files from /usr/lib/x86_64-linux-gnu/qemu is denied by apparmor

Failed to open module: /usr/lib/x86_64-linux-gnu/qemu/block-curl.so: failed to map segment from shared object: Permission denied
Failed to open module: /usr/lib/x86_64-linux-gnu/qemu/block-rbd.so: failed to map segment from shared object: Permission denied
Failed to open module: /usr/lib/x86_64-linux-gnu/qemu/block-openvstorage.so: failed to map segment from shared object: Permission denied

where dmesg has

[Wed Aug 17 12:36:30 2016] type=1400 audit(1471430192.746:197): apparmor="DENIED" operation="file_mmap" profile="libvirt-1a44dafb-c8df-532a-8444-c052167d18ac" name="/usr/lib/x86_64-linux-gnu/qemu/block-curl.so" pid=20443 comm="qemu-system-x86" requested_mask="m" denied_mask="m" fsuid=105 ouid=0
[Wed Aug 17 12:36:30 2016] type=1400 audit(1471430192.746:198): apparmor="DENIED" operation="file_mmap" profile="libvirt-1a44dafb-c8df-532a-8444-c052167d18ac" name="/usr/lib/x86_64-linux-gnu/qemu/block-rbd.so" pid=20443 comm="qemu-system-x86" requested_mask="m" denied_mask="m" fsuid=105 ouid=0
[Wed Aug 17 12:36:30 2016] type=1400 audit(1471430192.746:199): apparmor="DENIED" operation="file_mmap" profile="libvirt-1a44dafb-c8df-532a-8444-c052167d18ac" name="/usr/lib/x86_64-linux-gnu/qemu/block-openvstorage.so" pid=20443 comm="qemu-system-x86" requested_mask="m" denied_mask="m" fsuid=105 ouid=0

Newer /etc/apparmor.d/abstractions/libvirt-qemu has (among others) following lines added:

for qemu-block-extra

/usr/lib/@{multiarch}/qemu/*.so rm,
@wimpers
Copy link

wimpers commented Sep 7, 2016

@dejonghb What should be done to tackle this ticket? Do we need to create a new QEMU build?

@dejonghb
Copy link
Member Author

dejonghb commented Sep 7, 2016

/etc/apparmor.d/abstractions/libvirt-qemu comes from the libvirt-bin package, which is something we provide via our apt repo and is built from https://github.com/openvstorage/libvirt (private)

Sure looks like the libvirt repo needs updating to be on par with newer ubuntu releases. No idea which upstream was used and if any ubuntisms are included or not; but @cnanakos should be able to provide more info on that.

@cnanakos
Copy link
Member

cnanakos commented Sep 7, 2016

There are no changes included besides the ones for OpenvStorage. The package is based on the one provided by the official Ubuntu packages (1.2.2-0ubuntu13.1.17).

@wimpers
Copy link

wimpers commented Dec 12, 2016

@dejonghb @cnanakos is this still relevant as we have moved to 16.04 or can we close this ticket?

@dejonghb
Copy link
Member Author

If all is fine on 16.04 -- has this been checked/tested ? -- and 14.04.x is considered obsolete, no problem with closing this one.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@dejonghb dejonghb

Labels
state_question
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@cnanakos @wimpers @dejonghb