apparmor profiles are never deleted

Bug #438165 reported by Jamie Strandboge
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
libvirt (Ubuntu) | Fix Released | Low | Jamie Strandboge |
Karmic | Fix Released | Low | Jamie Strandboge |

Bug Description

Files in /etc/apparmor.d/libvirt/libvirt-* are added whenever a machine is started, but they are never deleted. Over time, hundreds of unused files could accumulate in this directory. While /etc/apparmor.d/libvirt/libvirt-* are meant to be configurable by the user and shouldn't be simply deleted on boot, some mechanism for cleaning out the directory should exist. Ideally this should happen on undefine, but libvirt does not currently have a hook for the security driver on undefine (this can be added in karmic+1). The easiest solution would be to add a cron job to clean out old, undefined profiles.

Changed in libvirt (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Low
milestone: none → ubuntu-9.10
status: New → Triaged
summary: - apparmor profiles in are never deleted
+ apparmor profiles are never deleted
Changed in libvirt (Ubuntu Karmic):
status: Triaged → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libvirt - 0.7.0-1ubuntu9

---------------
libvirt (0.7.0-1ubuntu9) karmic; urgency=low

  * allow access for sound (LP: #437854)
    - abstractions/libvirt-qemu: add very specific rules for allowing ALSA. We
      do not use the audio abstraction because the virtual machine runs as root
      and therefore DAC cannot be used as a fallback.
    - debian/README.Debian: add some text to encourage review of the AppArmor
      profiles and abstraction when using in production environments
  * debian/libvirt-bin.cron.daily: added to clean out old profiles that are no
    longer associated with a virtual machine definition (LP: #438165)
  * debian/patches/9091-apparmor.patch:
    - quote the pid, monitor and logfile in case any of them have weird
      characters (complete fix for LP: #432810)
    - support <readonly/> for disks

 -- Jamie Strandboge <email address hidden> Mon, 05 Oct 2009 16:31:12 -0500

Changed in libvirt (Ubuntu Karmic):
status: In Progress → Fix Released
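
A dry-run sketch of the cleanup this bug asks for, added here as an example and not the contents of debian/libvirt-bin.cron.daily: it lists profile files whose UUID appears in no domain definition. The `libvirt-<uuid>` and `libvirt-<uuid>.files` naming, the `<uuid>` lookup in domain XML and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the packaged cron script. Lists (never deletes) profile
# files whose UUID appears in no domain definition.
UUID_RE='[0-9a-f]\{8\}-[0-9a-f]\{4\}-[0-9a-f]\{4\}-[0-9a-f]\{4\}-[0-9a-f]\{12\}'

# defined_uuids DIR...: print the <uuid> of every domain XML in the given dirs.
defined_uuids() {
    for d in "$@"; do
        for x in "$d"/*.xml; do
            [ -f "$x" ] || continue
            sed -n "s|.*<uuid>\($UUID_RE\)</uuid>.*|\1|p" "$x"
        done
    done
}

# stale_profiles PROFILE_DIR DEFS_DIR...: print libvirt-<uuid> and
# libvirt-<uuid>.files entries with no matching definition.
stale_profiles() {
    pdir=$1; shift
    # Fail closed: a missing definitions dir must not make every profile look stale.
    for d in "$@"; do
        [ -d "$d" ] && [ -r "$d" ] || { echo "cannot read $d" >&2; return 1; }
    done
    known=$(defined_uuids "$@")
    for f in "$pdir"/libvirt-*; do
        # Regular files only; symlinks and hand-named files are left alone.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        uuid=$(basename "$f" | sed -n "s|^libvirt-\($UUID_RE\)\(\.files\)\{0,1\}\$|\1|p")
        [ -n "$uuid" ] || continue
        printf '%s\n' "$known" | grep -qxF "$uuid" || printf '%s\n' "$f"
    done
}

# demo: constructed sample with one defined VM and one orphaned profile pair.
demo() {
    t=$(mktemp -d) && mkdir "$t/prof" "$t/defs" || return 1
    live=11111111-2222-3333-4444-555555555555
    dead=aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee
    printf '<domain>\n  <uuid>%s</uuid>\n</domain>\n' "$live" > "$t/defs/vm1.xml"
    touch "$t/prof/libvirt-$live" "$t/prof/libvirt-$live.files" \
          "$t/prof/libvirt-$dead" "$t/prof/libvirt-$dead.files" "$t/prof/libvirt-notes"
    (cd "$t/prof" && stale_profiles . ../defs)
    rm -rf "$t"
}

demo
```

On a real host the call would be `stale_profiles /etc/apparmor.d/libvirt /etc/libvirt/qemu` (the second path is an assumption about where definitions live), with the list reviewed before anything is removed. A profile that is still loaded should be unloaded with `apparmor_parser -R` before its file is deleted.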