This bug was fixed in the package qemu - 1:10.1.0+ds-5ubuntu1
---------------
qemu (1:10.1.0+ds-5ubuntu1) questing; urgency=medium
* Merge with Debian unstable.
Among several other backported fixes this will resolve
- fix crash when disabling GL scanout on (LP: #2121832)
Remaining changes:
- qemu-kvm to systemd unit
- d/qemu-kvm-init: script for QEMU KVM preparation modules, ksm,
hugepages and architecture specifics
- d/qemu-system-common.qemu-kvm.service: systemd unit to call
qemu-kvm-init
- d/qemu-system-common.install: install helper script
- d/qemu-system-common.qemu-kvm.default: defaults for
/etc/default/qemu-kvm
- d/rules: call dh_installinit and dh_installsystemd for qemu-kvm
- Distribution specific machine type
(LP 1304107 1621042 1776189 1761372 1761372 1776189)
- d/p/ubuntu/define-ubuntu-machine-types.patch: define distro machine
types containing release versioned machine attributes
- Add an info about -hpb machine type in debian/qemu-system-x86.NEWS
- ubuntu-q35 alias added to auto-select the most recent q35 ubuntu type
- Enable nesting by default
- d/p/ubuntu/enable-svm-by-default.patch: Enable nested svm by default
in qemu64 on amd
[ No more strictly needed, but required for backward compatibility ]
- tolerate ipxe size change on migrations to >=18.04 (LP 1713490)
- d/p/ubuntu/pre-bionic-256k-ipxe-efi-roms.patch: old machine types
reference 256k path
- d/control-in: depend on ipxe-qemu-256k-compat-efi-roms to be able to
handle incoming migrations from former releases.
- d/qemu-block-extra.postinst: Use latest Ubuntu's QEMU
package version when deciding whether to invoke
'deb-systemd-helper purge'.
- d/control-in: Disable B-D on qemu-system-data, due to that also
- d/rules: Export DEB_BUILD_PROFILES with
pkg.qemu.use-upstream-vdso when building on non-amd64 architectures.
- d/control: Disable B-D on seabios.
- d/rules: Disable upstream tests depending on qemu-system-data
- d/control-in: B-D on multipath libs for multipath persist in
qemu-pr-helper (LP 2117378)
- d/p/u/ubuntu/mitigate-gcc15-ftbfs.patch: fix gcc-15 FTBFS
+ roms/u-boot-sam460ex/config.mk would ignore cflags, set it in makefile
+ SLOF would fail with old and new std, but works with updated headers
matching the recent libgcc-15-dev package in questing leveraging
/usr/lib/gcc/x86_64-linux-gnu/15/include/stdbool.h
- d/control-in: B-D on multipath libs for multipath persist in
qemu-pr-helper (LP 2117378)
- d/control-in: breaks/replaces for dtb files moving qemu-system-misc
to qemu-system-data
* Dropped changes [ in 1:10.1.0+ds-5 ]
- d/p/u/mitigate-gcc15-wrong-behavior.patch: mitigate riscv emulation
being broken by gcc15 on ppc64 (LP 2120835)
- d/p/u/mitigate-gcc15-ftbfs.patch: fix FTBFS in sam460ex replacing
d/p/u-boot-sam460ex-stdc23.patch
-- Christian Ehrhardt <[email protected]> Fri, 15 Aug
2025 08:07:30 +0200
** Changed in: qemu (Ubuntu)
Status: Triaged => Fix Released
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2121832
Title:
after recent apt upgrade apparmor denies or virtio graphics access to
PCI GPU device
Status in apparmor package in Ubuntu:
Confirmed
Status in libvirt package in Ubuntu:
Confirmed
Status in qemu package in Ubuntu:
Fix Released
Bug description:
after an apt update && apt upgrade this morning, a libvirt linux guest
that uses virtio gl graphics no longer starts. it appears to trace
back to messages logged when the vm is started:
[ 831.675127] audit: type=1400 audit(1756755746.150:506): apparmor="DENIED"
operation="open" class="file"
profile="libvirt-bab34a3b-a169-4d55-af9b-3d36935aa471"
name="/sys/devices/pci0000:00/0000:00:08.1/0000:66:00.0/drm/" pid=7954
comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
[ 831.675133] audit: type=1400 audit(1756755746.150:507): apparmor="DENIED"
operation="open" class="file"
profile="libvirt-bab34a3b-a169-4d55-af9b-3d36935aa471"
name="/sys/devices/pci0000:00/0000:00:08.1/0000:66:00.0/drm/" pid=7954
comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
[ 831.703052] qemu-system-x86[7954]: segfault at 0 ip 00007e17da469370 sp
00007fff00a2c4f0 error 4 in ui-spice-core.so[a370,7e17da465000+7000] likely on
CPU 16 (core 8, socket 0)
[ 831.703071] Code: 84 c0 74 26 48 8b 05 07 6c 00 00 80 38 00 74 1a 83 bb 10
01 00 00 00 74 11 80 bb 14 01 00 00 00 75 3e 0f 1f 84 00 00 00 00 00 <8b> 04 25
00 00 00 00 0f 0b 48 8b 05 d0 6b 00 00 66 83 38 00 74 b7
[ 831.732226] audit: type=1400 audit(1756755746.208:508): apparmor="DENIED"
operation="mknod" class="file"
profile="libvirt-bab34a3b-a169-4d55-af9b-3d36935aa471" name="/core.7954"
pid=7954 comm="qemu-system-x86" requested_mask="c" denied_mask="c" fsuid=64055
ouid=64055
prior to this upgrade, the vm started properly on this machine running
kubuntu 25.10
ProblemType: Bug
DistroRelease: Ubuntu 25.10
Package: apparmor 5.0.0~alpha1-0ubuntu4
ProcVersionSignature: Ubuntu 6.16.0-16.16-generic 6.16.0
Uname: Linux 6.16.0-16-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia zfs
ApportVersion: 2.33.1-0ubuntu2
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: KDE
Date: Mon Sep 1 12:46:47 2025
ProcKernelCmdline: root=zfs:zroot/ROOT/ubuntu loglevel=4
spl.spl_hostid=0x00bab10c
SourcePackage: apparmor
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2121832/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
