[Bug 1386465] [NEW] apparmor profile prevents libvirtd from creating a socket

Christian Kirbach 1386465 at bugs.launchpad.net
Tue Oct 28 00:24:56 UTC 2014 

Public bug reported:

I'd like to emphasize that I upgraded from Ubuntu Gnome 14.4 to 14.10
I installed systemd.

libvirtd fails to start on the stock upgrade system. Examining the log
files it looks like apparmor prevents libvirtd from creating a net
socket.

Okt 28 00:31:49 rivendell kernel: audit: type=1400 audit(1414452709.808:42): apparmor="DENIED" operation="create" profile="/usr/sbin/libvirtd" pid=15162 comm="libvirtd" family="netlink" sock_type="raw" protocol=9
Okt 28 00:31:49 rivendell kernel: audit: type=1400 audit(1414452709.808:43): apparmor="DENIED" operation="create" profile="/usr/sbin/libvirtd" pid=15162 comm="libvirtd" family="netlink" sock_type="raw" protocol=0


I tried to run 

 aa-logprof

in order to have apparmor fix the permissions but that did not work.
that is why modified apparmor profiles are attached.


Putting apparmor in audit mode

 aa-audit /usr/sbin/libvirtd

enables me to start libvirt

 systemctl restart libvirtd

It looks like the apparmor profile permissions have to be adjusted.

ProblemType: Bug
DistroRelease: Ubuntu 14.10
Package: libvirt-bin 1.2.8-0ubuntu11
ProcVersionSignature: Ubuntu 3.16.0-23.31-generic 3.16.4
Uname: Linux 3.16.0-23-generic x86_64
NonfreeKernelModules: fglrx
ApportVersion: 2.14.7-0ubuntu8
Architecture: amd64
CurrentDesktop: GNOME
Date: Tue Oct 28 01:20:45 2014
InstallationDate: Installed on 2013-01-08 (657 days ago)
InstallationMedia: Ubuntu 12.10 "Quantal Quetzal" - Release amd64 (20121017.5)
KernLog:
 
SourcePackage: libvirt
UpgradeStatus: Upgraded to utopic on 2014-10-23 (4 days ago)
modified.conffile..etc.apparmor.d.usr.sbin.libvirtd: [modified]
modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Keine Berechtigung: '/etc/libvirt/qemu.conf']
mtime.conffile..etc.apparmor.d.usr.sbin.libvirtd: 2014-10-28T00:33:09.824586

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug utopic

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/1386465

Title:
  apparmor profile prevents libvirtd from creating a socket

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1386465/+subscriptions

More information about the Ubuntu-server-bugs mailing list