Good:
(gdb) p *((virSecurityStackDataPtr)(((virQEMUDriverPtr)conn->privateData
)->securityManager->privateData))->itemsHead->securityManager
$7 = {parent = {parent = {parent_instance = {g_type_instance = {g_class =
0x7f430805ddf0}, ref_count = 1, qdata = 0x0}}, lock = {lock = {__data = {__lock
= 0, __count = 0, __owner = 0,
__nusers = 0, __kind = 512, __spins = 0, __elision = 0, __list =
{__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 17 times>, "\002",
'\000' <repeats 21 times>,
__align = 0}}}, drv = 0x7f435aadfae0 <virAppArmorSecurityDriver>, flags
= 10, virtDriver = 0x7f43541e71b2 "QEMU", privateData = 0x0}
(gdb) p *((virSecurityStackDataPtr)(((virQEMUDriverPtr)conn->privateData
)->securityManager->privateData))->itemsHead->next->securityManager
$8 = {parent = {parent = {parent_instance = {g_type_instance = {g_class =
0x7f430805ddf0}, ref_count = 1, qdata = 0x0}}, lock = {lock = {__data = {__lock
= 0, __count = 0, __owner = 0,
__nusers = 0, __kind = 512, __spins = 0, __elision = 0, __list =
{__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 17 times>, "\002",
'\000' <repeats 21 times>,
__align = 0}}}, drv = 0x7f435aadf7c0 <virSecurityDriverDAC>, flags =
10, virtDriver = 0x7f43541e71b2 "QEMU", privateData = 0x7f430807b180}
Bad:
(gdb) p *((virSecurityStackDataPtr)(((virQEMUDriverPtr)conn->privateData
)->securityManager->privateData))->itemsHead->securityManager
$9 = {parent = {parent = {parent_instance = {g_type_instance = {g_class =
0x7f8b0c0259e0}, ref_count = 1, qdata = 0x0}}, lock = {lock = {__data = {__lock
= 0, __count = 0, __owner = 0,
__nusers = 0, __kind = 512, __spins = 0, __elision = 0, __list =
{__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 17 times>, "\002",
'\000' <repeats 21 times>,
__align = 0}}}, drv = 0x7f8b572d24c0 <virSecurityDriverNop>, flags = 8,
virtDriver = 0x7f8b501d91b2 "QEMU", privateData = 0x0}
(gdb) p *((virSecurityStackDataPtr)(((virQEMUDriverPtr)conn->privateData
)->securityManager->privateData))->itemsHead->next->securityManager
$10 = {parent = {parent = {parent_instance = {g_type_instance = {g_class =
0x7f8b0c0259e0}, ref_count = 1, qdata = 0x0}}, lock = {lock = {__data = {__lock
= 0, __count = 0, __owner = 0,
__nusers = 0, __kind = 512, __spins = 0, __elision = 0, __list =
{__prev = 0x0, __next = 0x0}}, __size = '\000' <repeats 17 times>, "\002",
'\000' <repeats 21 times>,
__align = 0}}}, drv = 0x7f8b572d27c0 <virSecurityDriverDAC>, flags =
10, virtDriver = 0x7f8b501d91b2 "QEMU", privateData = 0x7f8b0c07add0}
See virSecurityDriverNop vs virAppArmorSecurityDriver in the above
output
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1895967
Title:
3.0.0~beta1-0ubuntu1 in Groovy breaks Libvirt/Qemu/KVM
Status in apparmor package in Ubuntu:
Incomplete
Bug description:
Hi,
I stumbled over this due to automatic tests checking proposed.
I found that Focal no more could migrate to Groovy with:
$ virsh migrate --unsafe --live fguest qemu+ssh://10.162.30.163/system
error: unsupported configuration: Security driver model 'apparmor' is not
available
I looked after it and found that while all former releases detected
apparmor correctly:
$ virsh capabilities | grep -C 3 secmodel
<cache>
<bank id='0' level='3' type='both' size='15' unit='MiB' cpus='0-11'/>
</cache>
<secmodel>
<model>apparmor</model>
<doi>0</doi>
</secmodel>
<secmodel>
<model>dac</model>
<doi>0</doi>
<baselabel type='kvm'>+64055:+108</baselabel>
<baselabel type='qemu'>+64055:+108</baselabel>
</secmodel>
Now on groovy that didn't work anymore:
<secmodel>
<model>none</model>
<doi>0</doi>
</secmodel>
<secmodel>
<model>dac</model>
<doi>0</doi>
<baselabel type='kvm'>+64055:+108</baselabel>
<baselabel type='qemu'>+64055:+108</baselabel>
</secmodel>
Since 3.0 is only in proposed:
# apt-cache policy apparmor
apparmor:
Installed: 2.13.3-7ubuntu6
Candidate: 3.0.0~beta1-0ubuntu1
Version table:
3.0.0~beta1-0ubuntu1 500
500 http://archive.ubuntu.com/ubuntu groovy-proposed/main amd64
Packages
*** 2.13.3-7ubuntu6 500
500 http://archive.ubuntu.com/ubuntu groovy/main amd64 Packages
100 /var/lib/dpkg/status
I installed the former version.
$ apt install apparmor=2.13.3-7ubuntu6
$ rm /var/cache/libvirt/qemu/capabilities/*
$ systemctl restart libvirtd
And it works again.
Interestingly going back to 3.0 then works and keeps working.
Therefore maybe it is a red-herring and I'll consider it incomplete & low
prio for now until I know more (allowing others that might see the same to find
this bug and chime in).
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1895967/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
