libvirt's apparmor profile denies access to sgabios.bin
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libvirt (Ubuntu) |
Fix Released
|
High
|
Serge Hallyn | ||
Trusty |
Fix Released
|
High
|
Unassigned | ||
Utopic |
Won't Fix
|
High
|
Unassigned |
Bug Description
=======
Impact: unable to get earli bios messages.
Test case: see below
Reression potential: the patch only grants access to the romfile, so no new bugs should be introduced.
=======
Attempting to use the sgabios ROM to capture early boot BIOS messages on the serial console. Typically this can be done via libvirt domain configuration:
<os>
<bios useserial='yes'/>
</os>
Resulting in the qemu process being launched with a '-device sga' argument that should load the optional ROM.
The sgabios package installs the ROM @ /usr/share/
I noticed the expected serial output was missing and found that apparmor is preventing sgabios from loading when spawning the VM:
[ 1378.106921] type=1400 audit(141625568
Worked around by manually installing the sgabios.bin file directly to /usr/share/
Changed in libvirt (Ubuntu): | |
status: | New → In Progress |
assignee: | nobody → Serge Hallyn (serge-hallyn) |
importance: | Undecided → High |
description: | updated |
Changed in libvirt (Ubuntu Trusty): | |
importance: | Undecided → High |
Changed in libvirt (Ubuntu Utopic): | |
importance: | Undecided → High |
tags: |
added: verification-done-trusty removed: verification-done |
This bug was fixed in the package libvirt - 1.2.8-0ubuntu15
---------------
libvirt (1.2.8-0ubuntu15) vivid; urgency=medium
* libvirt-qemu: add r to sgabios.bin (LP: #1393548)
-- Serge Hallyn <email address hidden> Mon, 17 Nov 2014 15:05:22 -0600