summary refs log tree commit diff stats
path: root/results/classifier/118/none/1610368
diff options
context:
space:
mode:
Diffstat (limited to 'results/classifier/118/none/1610368')
-rw-r--r--results/classifier/118/none/1610368124
1 files changed, 124 insertions, 0 deletions
diff --git a/results/classifier/118/none/1610368 b/results/classifier/118/none/1610368
new file mode 100644
index 000000000..15f81870b
--- /dev/null
+++ b/results/classifier/118/none/1610368
@@ -0,0 +1,124 @@
+risc-v: 0.523
+mistranslation: 0.484
+user-level: 0.476
+x86: 0.475
+i386: 0.473
+TCG: 0.468
+ppc: 0.465
+KVM: 0.461
+vnc: 0.457
+graphic: 0.455
+semantic: 0.451
+PID: 0.446
+debug: 0.440
+VMM: 0.437
+peripherals: 0.433
+network: 0.433
+assembly: 0.432
+arm: 0.429
+performance: 0.428
+socket: 0.428
+permissions: 0.425
+hypervisor: 0.425
+register: 0.424
+kernel: 0.423
+files: 0.422
+architecture: 0.420
+virtual: 0.419
+boot: 0.418
+device: 0.413
+
+qemu-system-x86_64 read acces DENIED in apparmor 
+
+When starting a win8.1 VM in virt-manager I see theses errors in dmesg
+
+[  185.210435] audit: type=1400 audit(1470419576.704:27): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-d694857f-577a-45d4-81d2-4f3672ae7bd4" pid=4885 comm="apparmor_parser"
+[  185.220800] audit: type=1400 audit(1470419576.716:28): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-d694857f-577a-45d4-81d2-4f3672ae7bd4//qemu_bridge_helper" pid=4885 comm="apparmor_parser"
+[  185.356159] audit: type=1400 audit(1470419576.848:29): apparmor="DENIED" operation="open" profile="libvirt-d694857f-577a-45d4-81d2-4f3672ae7bd4" name="/run/udev/data/c189:1" pid=4912 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=123 ouid=0
+[  185.356244] audit: type=1400 audit(1470419576.848:30): apparmor="DENIED" operation="open" profile="libvirt-d694857f-577a-45d4-81d2-4f3672ae7bd4" name="/run/udev/data/c189:129" pid=4912 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=123 ouid=0
+[  185.356317] audit: type=1400 audit(1470419576.848:31): apparmor="DENIED" operation="open" profile="libvirt-d694857f-577a-45d4-81d2-4f3672ae7bd4" name="/run/udev/data/c189:130" pid=4912 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=123 ouid=0
+[  185.356396] audit: type=1400 audit(1470419576.848:32): apparmor="DENIED" operation="open" profile="libvirt-d694857f-577a-45d4-81d2-4f3672ae7bd4" name="/run/udev/data/c189:131" pid=4912 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=123 ouid=0
+[  185.356486] audit: type=1400 audit(1470419576.852:33): apparmor="DENIED" operation="open" profile="libvirt-d694857f-577a-45d4-81d2-4f3672ae7bd4" name="/run/udev/data/c189:257" pid=4912 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=123 ouid=0
+[  185.356545] audit: type=1400 audit(1470419576.852:34): apparmor="DENIED" operation="open" profile="libvirt-d694857f-577a-45d4-81d2-4f3672ae7bd4" name="/run/udev/data/c189:0" pid=4912 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=123 ouid=0
+
+
+the process 4912 is : 
+
+libvirt+  4912     1 36 19:52 ?        00:00:51 qemu-system-x86_64 -enable-kvm -name win8.1 -S -machine pc-i440fx-2.5,accel=kvm,usb=off -cpu Broadwell-noTSX,hv_time,hv_relaxed,hv_vapic,hv_spinlocks=0x1fff -m 4096 -realtime mlock=off -smp 2,sockets=2,cores=1,threads=1 -uuid d694857f-577a-45d4-81d2-4f3672ae7bd4 -no-user-config -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/domain-win8.1/monitor.sock,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=localtime,driftfix=slew -global kvm-pit.lost_tick_policy=discard -no-hpet -no-shutdown -global PIIX4_PM.disable_s3=1 -global PIIX4_PM.disable_s4=1 -boot strict=on -device nec-usb-xhci,id=usb,bus=pci.0,addr=0x5 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x6 -drive file=/TEMPO/VMS/win81.qcow2,format=qcow2,if=none,id=drive-ide0-0-0 -device ide-hd,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -netdev tap,fd=26,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=52:54:00:9d:db:21,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -device usb-tablet,id=input0 -spice port=5900,addr=127.0.0.1,disable-ticketing,image-compression=off,seamless-migration=on -k fr -device qxl-vga,id=video0,ram_size=67108864,vram_size=67108864,vgamem_mb=16,bus=pci.0,addr=0x2 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -chardev spicevmc,id=charredir0,name=usbredir -device usb-redir,chardev=charredir0,id=redir0 -chardev spicevmc,id=charredir1,name=usbredir -device usb-redir,chardev=charredir1,id=redir1 -device usb-host,hostbus=2,hostaddr=10,id=hostdev0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7 -msg timestamp=on
+
+
+I have no visible problems with the VM but just wanted to signal this to developpers in case this is not normal behaviour.
+
+ProblemType: Bug
+DistroRelease: Ubuntu 16.04
+Package: qemu-system-x86 1:2.5+dfsg-5ubuntu10.3
+ProcVersionSignature: Ubuntu 4.4.0-31.50-generic 4.4.13
+Uname: Linux 4.4.0-31-generic x86_64
+ApportVersion: 2.20.1-0ubuntu2.1
+Architecture: amd64
+CurrentDesktop: KDE
+Date: Fri Aug  5 19:57:37 2016
+InstallationDate: Installed on 2016-05-14 (83 days ago)
+InstallationMedia: Kubuntu 16.04 LTS "Xenial Xerus" - Release amd64 (20160420.1)
+ProcKernelCmdLine: BOOT_IMAGE=/@/boot/vmlinuz-4.4.0-31-generic root=UUID=54def8c1-2495-44c4-b760-f8dbc15e25b1 ro rootflags=subvol=@ quiet splash vt.handoff=7
+SourcePackage: qemu
+UpgradeStatus: No upgrade log present (probably fresh install)
+dmi.bios.date: 02/24/2016
+dmi.bios.vendor: Intel Corporation
+dmi.bios.version: RYBDWi35.86A.0355.2016.0224.1501
+dmi.board.name: NUC5i5RYB
+dmi.board.vendor: Intel Corporation
+dmi.board.version: H40999-504
+dmi.chassis.type: 3
+dmi.modalias: dmi:bvnIntelCorporation:bvrRYBDWi35.86A.0355.2016.0224.1501:bd02/24/2016:svn:pn:pvr:rvnIntelCorporation:rnNUC5i5RYB:rvrH40999-504:cvn:ct3:cvr:
+
+
+
+apparmor profile  
+
+$ cat /etc/apparmor.d/libvirt/libvirt-d694857f-577a-45d4-81d2-4f3672ae7bd4
+#
+# This profile is for the domain whose UUID matches this file.
+#
+
+#include <tunables/global>
+
+profile libvirt-d694857f-577a-45d4-81d2-4f3672ae7bd4 {
+  #include <abstractions/libvirt-qemu>
+  #include <libvirt/libvirt-d694857f-577a-45d4-81d2-4f3672ae7bd4.files>
+
+}
+
+
+
+
+
+
+
+$ cat /etc/apparmor.d/libvirt/libvirt-d694857f-577a-45d4-81d2-4f3672ae7bd4.files 
+# DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
+  "/var/log/libvirt/**/win8.1.log" w,
+  "/var/lib/libvirt/qemu/domain-win8.1/monitor.sock" rw,
+  "/var/run/libvirt/**/win8.1.pid" rwk,
+  "/run/libvirt/**/win8.1.pid" rwk,
+  "/var/run/libvirt/**/*.tunnelmigrate.dest.win8.1" rw,
+  "/run/libvirt/**/*.tunnelmigrate.dest.win8.1" rw,
+  "/TEMPO/VMS/win81.qcow2" rw,
+  # for qemu guest agent channel
+  owner "/var/lib/libvirt/qemu/channel/target/domain-win8.1/**" rw,
+  "/dev/bus/usb/002/010" rw,
+  "/dev/net/tun" rw,
+
+
+Looking at the contents of those files, I think giving libvirt vms read access by default to all of them should be safe.
+
+Hi,
+getting to my attention now due to the drop of upstream qemu.
+This is actually a dup of bug 1552241
+
+TL;DR: 
+- yes it is an issue
+- the /run/udev/data/* blanket is considered "too open"
+- a correct fix needs some serious development in virt-aa-helper
+- until this is done upstream users who want to opt-in need to opt-in (to get functionality but also unsafety) by making the profile less restrictive in /etc/apparmor.d/abstractions/libvirt-qemu
+