[Bug 1386465] Re: apparmor profile prevents libvirtd from creating a socket

Tue Apr 14 18:27:14 UTC 2015

I upgraded from 14.04 to 14.10 installed libvirt and got the same error:

>From syslog I have pre aa-audit and then with aa-audit it seems to aa-
audit clears the bug with audit removed it continues to work.

Post audit log:
Apr 14 20:19:50 dnshost11 kernel: [ 1284.666816] audit_printk_skb: 36 callbacks suppressed
Apr 14 20:19:50 dnshost11 kernel: [ 1284.666820] audit: type=1400 audit(1429035590.212:108): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="/usr/sbin/libvirtd" pid=11745 comm="apparmor_parser"
Apr 14 20:19:55 dnshost11 kernel: [ 1289.734099] audit: type=1400 audit(1429035595.284:109): apparmor="AUDIT" operation="open" profile="/usr/sbin/libvirtd" name="/etc/ld.so.cache" pid=11755 comm="libvirtd" requested_mask="r" fsuid=0 ouid=0
Apr 14 20:19:55 dnshost11 kernel: [ 1289.734119] audit: type=1400 audit(1429035595.284:110): apparmor="AUDIT" operation="getattr" profile="/usr/sbin/libvirtd" name="/etc/ld.so.cache" pid=11755 comm="libvirtd" requested_mask="r" fsuid=0 ouid=0
Apr 14 20:19:55 dnshost11 kernel: [ 1289.734156] audit: type=1400 audit(1429035595.284:111): apparmor="AUDIT" operation="open" profile="/usr/sbin/libvirtd" name="/usr/lib/libvirt-lxc.so.0.1002.8" pid=11755 comm="libvirtd" requested_mask="r" fsuid=0 ouid=0
Apr 14 20:19:55 dnshost11 kernel: [ 1289.734177] audit: type=1400 audit(1429035595.284:112): apparmor="AUDIT" operation="getattr" profile="/usr/sbin/libvirtd" name="/usr/lib/libvirt-lxc.so.0.1002.8" pid=11755 comm="libvirtd" requested_mask="r" fsuid=0 ouid=0
Apr 14 20:19:55 dnshost11 kernel: [ 1289.734241] audit: type=1400 audit(1429035595.284:113): apparmor="AUDIT" operation="open" profile="/usr/sbin/libvirtd" name="/usr/lib/libvirt-qemu.so.0.1002.8" pid=11755 comm="libvirtd" requested_mask="r" fsuid=0 ouid=0
Apr 14 20:19:55 dnshost11 kernel: [ 1289.734255] audit: type=1400 audit(1429035595.284:114): apparmor="AUDIT" operation="getattr" profile="/usr/sbin/libvirtd" name="/usr/lib/libvirt-qemu.so.0.1002.8" pid=11755 comm="libvirtd" requested_mask="r" fsuid=0 ouid=0
Apr 14 20:19:55 dnshost11 kernel: [ 1289.734308] audit: type=1400 audit(1429035595.284:115): apparmor="AUDIT" operation="open" profile="/usr/sbin/libvirtd" name="/usr/lib/x86_64-linux-gnu/libavahi-common.so.3.5.3" pid=11755 comm="libvirtd" requested_mask="r" fsuid=0 ouid=0
Apr 14 20:19:55 dnshost11 kernel: [ 1289.734322] audit: type=1400 audit(1429035595.284:116): apparmor="AUDIT" operation="getattr" profile="/usr/sbin/libvirtd" name="/usr/lib/x86_64-linux-gnu/libavahi-common.so.3.5.3" pid=11755 comm="libvirtd" requested_mask="r" fsuid=0 ouid=0
Apr 14 20:19:55 dnshost11 kernel: [ 1289.734380] audit: type=1400 audit(1429035595.284:117): apparmor="AUDIT" operation="open" profile="/usr/sbin/libvirtd" name="/usr/lib/x86_64-linux-gnu/libavahi-client.so.3.2.9" pid=11755 comm="libvirtd" requested_mask="r" fsuid=0 ouid=0
Apr 14 20:19:56 dnshost11 kernel: [ 1290.908063] Bridge firewalling registered
Apr 14 20:19:56 dnshost11 kernel: [ 1290.988004] ip_tables: (C) 2000-2006 Netfilter Core Team
Apr 14 20:19:56 dnshost11 kernel: [ 1291.129991] nf_conntrack version 0.5.0 (16384 buckets, 65536 max)
Apr 14 20:19:56 dnshost11 kernel: [ 1291.233695] IPv6: ADDRCONF(NETDEV_UP): virbr0: link is not ready
Apr 14 20:19:56 dnshost11 dnsmasq[11850]: started, version 2.71 cachesize 150
Apr 14 20:19:56 dnshost11 dnsmasq[11850]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC
Apr 14 20:19:56 dnshost11 dnsmasq-dhcp[11850]: DHCP, IP range 192.168.122.2 -- 192.168.122.254, lease time 1h
Apr 14 20:19:56 dnshost11 dnsmasq-dhcp[11850]: DHCP, sockets bound exclusively to interface virbr0
Apr 14 20:19:56 dnshost11 dnsmasq[11850]: reading /etc/resolv.conf
Apr 14 20:19:56 dnshost11 dnsmasq[11850]: using nameserver 206.223.136.205#53
Apr 14 20:19:56 dnshost11 dnsmasq[11850]: read /etc/hosts - 5 addresses
Apr 14 20:19:56 dnshost11 dnsmasq[11850]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses
Apr 14 20:19:56 dnshost11 dnsmasq-dhcp[11850]: read /var/lib/libvirt/dnsmasq/default.hostsfile

** Attachment added: "Before aa-audit"
   https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1386465/+attachment/4375438/+files/beforeaudit.txt

** Changed in: libvirt (Ubuntu)
       Status: Invalid => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/1386465

Title:
  apparmor profile prevents libvirtd from creating a socket

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1386465/+subscriptions