[Bug 448671] [NEW] apparmor breaks kvm
Launchpad Bug Tracker
448671 at bugs.launchpad.net
Sun Oct 11 20:01:12 BST 2009
You have been subscribed to a public bug:
Binary package hint: apparmor
We set up a new KVM server and thought we'd try Ubuntu 9.10 Beta amd64.
While trying to create a new kvm virtual machine with virsh create, we
received the following error on stderr:
# virsh create manage6.hetzner.africa.xml
Connecting to uri: qemu:///system
error: Failed to create domain from manage6.hetzner.africa.xml
error: could not remove profile for 'libvirt-fc18ccb7-fcd5-9847-724b-7a95a4020899'
In /var/log/syslog, we found:
Oct 7 11:18:18 manage0 kernel: [ 1174.735787] type=1505 audit(1254907098.103:22): operation="profile_load" pid=2976 name=/usr/sbin/libvirtd
Oct 7 11:18:18 manage0 kernel: [ 1174.770796] type=1505 audit(1254907098.139:23): operation="profile_load" pid=2978 name=/usr/bin/virt-aa-helper
Oct 7 15:23:59 manage0 libvirtd: 15:23:59.260: error : virSecurityReportError:108 : error calling aa_change_profile()
Oct 7 15:23:59 manage0 libvirtd: 15:23:59.260: error : qemudSecurityHook:1790 : internal error Failed to set security label
Oct 7 15:23:59 manage0 libvirtd: 15:23:59.261: error : virExecDaemonize:678 : internal error Intermediate daemon process exited with status 1.
Oct 7 15:23:59 manage0 kernel: [ 641.172840] tun: Universal TUN/TAP device driver, 1.6
Oct 7 15:23:59 manage0 kernel: [ 641.172843] tun: (C) 1999-2004 Max Krasnyansky <maxk at qualcomm.com>
Oct 7 15:23:59 manage0 kernel: [ 641.173835] device vnet0 entered promiscuous mode
Oct 7 15:23:59 manage0 kernel: [ 641.174924] br0: port 2(vnet0) entering forwarding state
Oct 7 15:23:59 manage0 kernel: [ 641.175946] __ratelimit: 42 callbacks suppressed
Oct 7 15:23:59 manage0 kernel: [ 641.175949] type=1503 audit(1254921839.254:26): operation="change_profile" info="profile not found" error=-2 pid=2159 parent=1835 profile="/usr/sbin/libvirtd" name="libvirt-29112815-1900-9027-26b3-19a1f9126658" name2="default"
Oct 7 15:23:59 manage0 libvirtd: 15:23:59.374: error : qemudReadLogOutput:816 : internal error Process exited while reading console log output
Oct 7 15:23:59 manage0 libvirtd: 15:23:59.374: error : qemudWaitForMonitor:1103 : internal error unable to start guest: libvir: Security Labeling error : error calling aa_change_profile()#012libvir: QEMU error : internal error Failed to set security label#012
Oct 7 15:23:59 manage0 libvirtd: 15:23:59.378: error : virRun:833 : internal error '/usr/bin/virt-aa-helper -R -u libvirt-29112815-1900-9027-26b3-19a1f9126658' exited with non-zero status 1 and signal 0: virt-aa-helper: error: profile does not exist#012
Oct 7 15:23:59 manage0 libvirtd: 15:23:59.378: error : virSecurityReportError:108 : could not remove profile for 'libvirt-29112815-1900-9027-26b3-19a1f9126658'
Oct 7 15:24:04 manage0 libvirtd: 15:24:04.531: error : virSecurityReportError:108 : error calling aa_change_profile()
Oct 7 15:24:04 manage0 libvirtd: 15:24:04.531: error : qemudSecurityHook:1790 : internal error Failed to set security label
Oct 7 15:24:04 manage0 libvirtd: 15:24:04.532: error : virExecDaemonize:678 : internal error Intermediate daemon process exited with status 1.
The same XML file, image and command-line invocation work on Ubuntu 9.04
x86, which is what we rolled back to, pretty much immediately. So if it
works for you, assume we got something wrong and close the bug. But it's
probably worth someone confirming that 9.10 supports libvirt+KVM. :-)
** Affects: libvirt (Ubuntu)
Importance: Undecided
Assignee: Jamie Strandboge (jdstrand)
Status: Incomplete
--
apparmor breaks kvm
https://bugs.launchpad.net/bugs/448671
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu.
More information about the Ubuntu-server-bugs
mailing list