Also see Ubuntu bug
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1668681
First reported https://askubuntu.com/questions/833964/virt-manager-cant-connect-to-graphical-console/888220#888220
---
examples/apparmor/libvirt-qemu | 3 +++
1 file changed, 3 insertions(+)
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index a9020aa..19d99e5 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -151,3 +151,6 @@
/etc/udev/udev.conf r,
/sys/bus/ r,
/sys/class/ r,
+
+ # allow connect with openGraphicsFD to work
+ unix (send, receive) type=stream peer=(label=/usr/sbin/libvirtd),
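Review bot: The added `unix (send, receive) type=stream peer=(label=/usr/sbin/libvirtd),` rule carries no `addr=` condition, so it permits send and receive on every stream unix socket whose peer is labelled /usr/sbin/libvirtd, not only the one the comment has in mind for openGraphicsFD. If the socket involved is unnamed, narrowing the rule with `addr=none` would keep the grant closer to that single use. The comment could also name the socket it is meant to cover, and the commit message would benefit from one sentence describing the denial being fixed instead of relying on the two links alone.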
--
2.10.2
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
With Jamie Strandboge's help it should be restricted a bit more by adding addr=none:

  unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd),

On Tue, Feb 28, 2017 at 1:48 PM, Bryan Quigley <bryan.quigley@canonical.com> wrote:
> Also see Ubuntu bug
> https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1668681
> First reported https://askubuntu.com/questions/833964/virt-manager-cant-connect-to-graphical-console/888220#888220
>
> ---
> examples/apparmor/libvirt-qemu | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
> index a9020aa..19d99e5 100644
> --- a/examples/apparmor/libvirt-qemu
> +++ b/examples/apparmor/libvirt-qemu
> @@ -151,3 +151,6 @@
> /etc/udev/udev.conf r,
> /sys/bus/ r,
> /sys/class/ r,
> +
> + # allow connect with openGraphicsFD to work
> + unix (send, receive) type=stream peer=(label=/usr/sbin/libvirtd),
> --
> 2.10.2
On Tue, Feb 28, 2017 at 01:48:31PM -0500, Bryan Quigley wrote:
> Also see Ubuntu bug
> https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1668681
> First reported https://askubuntu.com/questions/833964/virt-manager-cant-connect-to-graphical-console/888220#888220
>
> ---
> examples/apparmor/libvirt-qemu | 3 +++
> 1 file changed, 3 insertions(+)
>
> diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
> index a9020aa..19d99e5 100644
> --- a/examples/apparmor/libvirt-qemu
> +++ b/examples/apparmor/libvirt-qemu
> @@ -151,3 +151,6 @@
> /etc/udev/udev.conf r,
> /sys/bus/ r,
> /sys/class/ r,
> +
> + # allow connect with openGraphicsFD to work
> + unix (send, receive) type=stream peer=(label=/usr/sbin/libvirtd),

Shouldn't this only be added via virt-aa-helper when a corresponding console is in use?

Cheers,
 -- Guido
Hi Guido,

It's only needed when a user actually clicks on the running VM in virt-manager. It's not defined differently in the domain xml.

I'm thinking that means virt-aa-helper can't help us in this case, but am open to being proven wrong.

Thanks!
Bryan

On Wed, Mar 1, 2017 at 1:04 AM, Guido Günther <agx@sigxcpu.org> wrote:
> On Tue, Feb 28, 2017 at 01:48:31PM -0500, Bryan Quigley wrote:
>> Also see Ubuntu bug
>> https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1668681
>> First reported https://askubuntu.com/questions/833964/virt-manager-cant-connect-to-graphical-console/888220#888220
>>
>> ---
>> examples/apparmor/libvirt-qemu | 3 +++
>> 1 file changed, 3 insertions(+)
>>
>> diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
>> index a9020aa..19d99e5 100644
>> --- a/examples/apparmor/libvirt-qemu
>> +++ b/examples/apparmor/libvirt-qemu
>> @@ -151,3 +151,6 @@
>> /etc/udev/udev.conf r,
>> /sys/bus/ r,
>> /sys/class/ r,
>> +
>> + # allow connect with openGraphicsFD to work
>> + unix (send, receive) type=stream peer=(label=/usr/sbin/libvirtd),
>
> Shouldn't this only be added via virt-aa-helper when a corresponding
> console is in use?
> Cheers,
> -- Guido
On Wed, Mar 01, 2017 at 05:11:53PM -0500, Bryan Quigley wrote:
> Hi Guido,
>
> It's only needed when a user actually clicks on the running VM in
> virt-manager. It's not defined differently in the domain xml.
>
> I'm thinking that means virt-aa-helper can't help us in this case, but
> am open to being proven wrong.

The fd is passed over the existing socket, no new socket is created to the qemu process, so yes virt-aa-helper won't help here. Sorry for the noise.
 -- Guido

>
> Thanks!
> Bryan
>
> On Wed, Mar 1, 2017 at 1:04 AM, Guido Günther <agx@sigxcpu.org> wrote:
> > On Tue, Feb 28, 2017 at 01:48:31PM -0500, Bryan Quigley wrote:
> >> Also see Ubuntu bug
> >> https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1668681
> >> First reported https://askubuntu.com/questions/833964/virt-manager-cant-connect-to-graphical-console/888220#888220
> >>
> >> ---
> >> examples/apparmor/libvirt-qemu | 3 +++
> >> 1 file changed, 3 insertions(+)
> >>
> >> diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
> >> index a9020aa..19d99e5 100644
> >> --- a/examples/apparmor/libvirt-qemu
> >> +++ b/examples/apparmor/libvirt-qemu
> >> @@ -151,3 +151,6 @@
> >> /etc/udev/udev.conf r,
> >> /sys/bus/ r,
> >> /sys/class/ r,
> >> +
> >> + # allow connect with openGraphicsFD to work
> >> + unix (send, receive) type=stream peer=(label=/usr/sbin/libvirtd),
> >
> > Shouldn't this only be added via virt-aa-helper when a corresponding
> > console is in use?
> > Cheers,
> > -- Guido
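The fd passing described in the message above, and the unnamed-socket case that the `addr=none` suggestion earlier in the thread targets, as an added Python example that is not part of the thread or of libvirt: one end of a socketpair is handed over an already-open channel with SCM_RIGHTS and the receiver inspects its address. The function names, the in-process stand-in for the two processes and the abstract socket name are assumptions; it needs Linux and Python 3.9 or later.

```python
import os
import socket


def address_kind(addr):
    """Classify an AF_UNIX address using the unix(7) terms."""
    if not addr:
        return "unnamed"   # never bound; the case an addr=none condition matches
    if isinstance(addr, bytes) and addr[:1] == b"\0":
        return "abstract"  # Linux abstract namespace
    return "pathname"


def pass_console_fd():
    """Hand one end of a fresh socketpair over an already-open channel."""
    # Hypothetical stand-in for the connection the two processes already share.
    ctl_tx, ctl_rx = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    # Fresh pair for the console: one end for the client, one to hand over.
    client_end, handed_end = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    received = None
    try:
        # SCM_RIGHTS transfer: the console socket is never bound, connected
        # or accepted, so it stays unnamed on both ends.
        socket.send_fds(ctl_tx, [b"graphics"], [handed_end.fileno()])
        tag, fds, _flags, _addr = socket.recv_fds(ctl_rx, 64, 1)
        handed_end.close()                       # sender drops its copy
        received = socket.socket(fileno=fds[0])  # receiver's view of the fd
        client_end.sendall(b"frame")             # constructed payload
        return {
            "tag": tag,
            "local": address_kind(received.getsockname()),
            "peer": address_kind(received.getpeername()),
            "data": received.recv(5),
        }
    finally:
        for s in (ctl_tx, ctl_rx, client_end, received):
            if s is not None:
                s.close()


def bound_contrast():
    """For contrast: a socket bound to a constructed abstract name."""
    s = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        s.bind(b"\0constructed-example-%d" % os.getpid())
        return address_kind(s.getsockname())
    finally:
        s.close()
```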
This starves a bit in the corners of the ML, any chance to pick this up for 3.11?

On Thu, Mar 2, 2017 at 8:42 AM, Guido Günther <agx@sigxcpu.org> wrote:
> On Wed, Mar 01, 2017 at 05:11:53PM -0500, Bryan Quigley wrote:
>> Hi Guido,
>>
>> It's only needed when a user actually clicks on the running VM in
>> virt-manager. It's not defined differently in the domain xml.
>>
>> I'm thinking that means virt-aa-helper can't help us in this case, but
>> am open to being proven wrong.
>
> The fd is passed over the existing socket, no new socket is created to
> the qemu process, so yes virt-aa-helper won't help here. Sorry for the
> noise.
> -- Guido
>
>>
>> Thanks!
>> Bryan
>>
>> On Wed, Mar 1, 2017 at 1:04 AM, Guido Günther <agx@sigxcpu.org> wrote:
>> > On Tue, Feb 28, 2017 at 01:48:31PM -0500, Bryan Quigley wrote:
>> >> Also see Ubuntu bug
>> >> https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1668681
>> >> First reported https://askubuntu.com/questions/833964/virt-manager-cant-connect-to-graphical-console/888220#888220
>> >>
>> >> ---
>> >> examples/apparmor/libvirt-qemu | 3 +++
>> >> 1 file changed, 3 insertions(+)
>> >>
>> >> diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
>> >> index a9020aa..19d99e5 100644
>> >> --- a/examples/apparmor/libvirt-qemu
>> >> +++ b/examples/apparmor/libvirt-qemu
>> >> @@ -151,3 +151,6 @@
>> >> /etc/udev/udev.conf r,
>> >> /sys/bus/ r,
>> >> /sys/class/ r,
>> >> +
>> >> + # allow connect with openGraphicsFD to work
>> >> + unix (send, receive) type=stream peer=(label=/usr/sbin/libvirtd),
>> >
>> > Shouldn't this only be added via virt-aa-helper when a corresponding
>> > console is in use?
>> > Cheers,
>> > -- Guido

--
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd