Hello Peter, On 13.06.19 10:08, Peter Krempa wrote: > On Tue, Jun 11, 2019 at 14:35:46 +0200, Peter Krempa wrote: >> On Fri, May 31, 2019 at 14:03:40 +0200, Marcus Hoffmann wrote: [...] >> >> I managed to reproduce this issue but when using selinux. I'll try to >> fix it with selinux and will try to assess whether it has the possiblity >> to fix apparmor too. I'll cc you on a patch when I'll be able to fix it. > > > Well, > > The problem I managed to fix had the same symptoms but probably was not > what you see, as you are using libvirt 5.0.0 and I broke the permissions > code in libvirt 5.4.0. > > Unfortunately I can't tell what's wrong from the debug logs you've > provided. Is there a possibility to collect anything from apparmor? In > selinux world we do collect denials of the security model in a log file > which might indicate what's happening. As I wrote in my original email I *thought* I had disabled apparmor enforcement for libvirt completely at this point. I'm not an apparmor expert, so I'm really not too sure. I'll see if I can gather more information. > > Also I've pushed a patch which adds more logging to the > permission-changing code executed while doing blockjobs: > > commit e6635c626a252669c79a84fe0a2af11a361aa341 (HEAD -> master, origin/master, origin/HEAD) > Author: Peter Krempa <pkrempa@xxxxxxxxxx> > Date: Wed Jun 12 13:49:57 2019 +0200 > > qemu: domain: Log some useful data in qemuDomainStorageSourceAccessModify > > Log the flags passed to the function in a exploded state so that it's > easily visible what's happening to the image. > > Signed-off-by: Peter Krempa <pkrempa@xxxxxxxxxx> > Reviewed-by: Ján Tomko <jtomko@xxxxxxxxxx> > > Unfortunately that commit can't be applied to libvirt 5.0 because it > depends on a refactor which I pushed in 5.4 (which also caused the > problem I was fixing recently). If you could test the upstream version > it would be great. > > Thanks for reporting the problem and I'd be grateful if you could > collect logs from the apparmor security thing. > I'll try to upgrade to upstream libvirt. It will probably take me a bit to get around to this. Thanks looing into this. Marcus
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
