On Thu, Oct 7, 2021 at 7:25 PM Ioanna Alifieraki <ioanna-maria.alifieraki@xxxxxxxxxxxxx> wrote: > > This patch-series aims to address the bug reported in [1] and [2]. > > Bug description : > Some times libvirt fails to start a vm with the following error : > libvirt: error : unable to set AppArmor profile 'libvirt-b05b297f-952f-42d6-b04e-f9a13767db54' for '/usr/bin/kvm-spice': No such file or directory > This happens because file /etc/apparmor.d/libvirt/libvirt-<vm-uuid> has 0 size. > During the vm start-up virt-aa-helper tries to load the profile and because it is 0 it fails. > When file /etc/apparmor.d/libvirt/libvirt-<vm-uuid> is removed the vm can start without problems. > > To address this issue this patch-series suggests the following. > On the vm start-up check if the profile has 0 size and if this is the case > remove it and create it again. > To do so a new option (-P) is introduced and also create and remove profile > fuctionalities are placed into separate functions. > > The first commit moves create and remove functionlites into functinos for later > reuse from different places. > The second commit adds a new option (-P) to remove the profile file. > The thid commit implements the actual fix (check if the profile has 0 size and if > so remove it and create it again). > The fourth patch adds a test for the above fix. I'm generally +1 on the overall approach and wanted to thank you for working on this. It will fix a rare but real issue. Jan had a few requests on 3/4 that all seemed reasonable suggestions, will you submit a v2 addressing those? > [1] https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1927519 > [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=890084 > > Ioanna Alifieraki (4): > virt-aa-helper: Move create and remove profile into separate functions > virt-aa-helper: Add new purge (-P) option > virt-aa-helper: Purge profile if corrupted > virt-aa-helper: test: add test for new option -P > > src/security/virt-aa-helper.c | 87 ++++++++++++++++++++++++++--------- > tests/meson.build | 1 + > tests/virt-aa-helper-test | 29 ++++++++++++ > 3 files changed, 96 insertions(+), 21 deletions(-) > > -- > 2.17.1 > -- Christian Ehrhardt Staff Engineer, Ubuntu Server Canonical Ltd
