Red Hat Bugzilla – Bug 1302139
VM permanently tries to read /dev/shm/lttng-ust-wait-5 saturating logs.
Last modified: 2017-12-12 19:20:36 EST
Description of problem:
Ceph 94.5-1trusty - But liblttng is also packaged in RHCS 1.3.1 so downstream is susceptible to this as well.
Bug is open with Canonical: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1432644/
Logs are constantly spammed with:
[4220163.899438] type=1400 audit(1447230173.207:7763726): apparmor="DENIED" operation="open" profile="libvirt-" name="/run/shm/lttng-ust-wait-5" pid=69948 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=111 ouid=0
VM permanently tries to read /dev/shm/lttng-ust-wait-5
When used with enforced apparmor profile, this results in logs filled with denied messages.
As I understand it, liblttng is here to allow tracing / debugging in python (not sure). Maybe virt-manager shouldn't be shipped with debugging mode enabled by default, or maybe it is a perfectly legitimate feature and the apparmor profile should be updated.
lttng is disabled in Infernalis by default, but need to address issue being seen in Hammer.
Upstream bug ID: http://tracker.ceph.com/issues/14520
Upstream ceph commits 5d204db..a81bcf7 (in the hammer branch) fix this.
Josh, Is a81bcf7 relevant to this bug?
(In reply to Brad Hubbard from comment #3)
> Josh, Is a81bcf7 relevant to this bug?
Yes, it's needed since d02beff1cf7650fe6e57cdafe64dcbee2631ed52 introduces the Singleton that it fixes.
My bad, sorry Josh.
You will probably need to back-port only the following patch:
The rest of the upstream PR should already be covered by bz 1304455.
Moving to VERIFIED per kdreyer in 2/17 PM call.
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.