Ubuntu
libvirt package

apparmor conflict with precise cloud archive

Bug #1387251 reported by Joe T
42
This bug affects 7 people
Affects Status Importance Assigned to Milestone
Ubuntu Cloud Archive
Fix Released
Critical
Chuck Short
libvirt (Ubuntu)
Fix Released
Critical
Chuck Short

Bug Description

The new release of libvirt (1.2.2-0ubuntu13.1.6) that is availabie in the precise-updates cloud archive breaks apparmor:

rc apparmor 2.7.102-0ubuntu3.10 User-space parser utility for AppArmor

With apparmor broken, I'm unable to reboot any instances in my OpenStack cloud:

Returning exception internal error: cannot load AppArmor profile 'libvirt-4c758977-35fb-45ae-961c-efdb5ef4db3f' to caller

I did not try any other action such as launching or deleting instances.

In order to resolve this, I had to re-install the prior version of libvirt (1.2.2-0ubuntu13.1.2~cloud0) and then reinstall apparmor.

Is this a bug? Should this version of libvirt not be in precise and only trusty?

See original description

CVE References

Joe T (joe-topjian-v)
description: updated
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in libvirt (Ubuntu):
status: New → Confirmed
Revision history for this message
Chuck Short (zulcss) wrote :

Fix is currently be tested and hopefully released today.

James Page (james-page)
Changed in libvirt (Ubuntu):
assignee: nobody → Chuck Short (zulcss)
importance: Undecided → Critical
Changed in cloud-archive:
assignee: nobody → Chuck Short (zulcss)
Changed in libvirt (Ubuntu):
status: Confirmed → Invalid
Changed in cloud-archive:
status: New → In Progress
importance: Undecided → Critical
James Page (james-page)
tags: added: cts
Revision history for this message
James Page (james-page) wrote :

This was fixed under:

libvirt (1.2.2-0ubuntu13.1.6~cloud2) precise-icehouse; urgency=medium

   [ Chuck Short ]
   * Back out of libvirt apparmor changes which are not compatible with
     apparmor in Ubuntu 12.04 (LP: #1276719):
     - d/apparmor/libvirt-qemu
     - d/apparmor/usr.sbin.libvirtd

   [ James Page ]
   * d/control: Drop Conflicts on older apparmor so that installation
     of libvirt does not force a removal of apparmor.

However the changelog had the wrong bug reference.

Changed in cloud-archive:
status: In Progress → Fix Released
Ryan Beisner (1chb1n)
tags: added: openstack uosci
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libvirt - 1.2.8-0ubuntu14

---------------
libvirt (1.2.8-0ubuntu14) vivid; urgency=medium

  [ Serge Hallyn ]
  * 9036-util-prepare-uri-for-libxml2-2.9.2.patch: fix FTBFS against new
    libxml 2.9.2 (LP: #1390637)

  [ Marc Deslauriers ]
  * SECURITY UPDATE: denial of service via virConnectListAllDomains
    - debian/patches/CVE-2014-3657.patch: fix domain deadlock in
      src/conf/domain_conf.c.
    - CVE-2014-3657
  * SECURITY UPDATE: xml information leak with read-only connections
    - debian/patches/CVE-2014-7823.patch: check for migratable flag in
      src/libvirt.c, src/remote/remote_protocol.x.
    - CVE-2014-7823
 -- Marc Deslauriers <email address hidden> Tue, 11 Nov 2014 13:14:00 -0500

Changed in libvirt (Ubuntu):
status: Invalid → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.