virsh won't start any domain, but gives an error message; maybe related to apparmor
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libvirt (Ubuntu) | Confirmed | Undecided | Unassigned |
Bug Description
Binary package hint: libvirt-bin
1. Ubuntu version: Ubuntu maverick (development branch), 10.10
2. Package versions: libvirt-
3. What I expected to happen: My virtual domains would start as usual.
4. What happened instead:
Error
-------
When I try to start any of my virtual guest domains, I get an error like this:
root@meta: virsh start maverick
error: Failed to start domain maverick
error: internal error Process exited while reading console log output: libvir: Security Labeling error : internal error error calling aa_change_profile()
syslog
---------
In /var/log/syslog, I can afterwards find lines like these:
Jul 14 21:31:09 meta libvirtd: 21:31:09.931: error : qemudReadLogOut
Jul 14 21:31:10 meta kernel: [ 3137.876313] type=1400 audit(127913587
Jul 14 21:31:10 meta kernel: [ 3138.099070] type=1400 audit(127913587
Domain configuration file
-------
The domain configuration file looks like this:
root@meta# virsh dumpxml maverick
<domain type='kvm'>
<name>
<uuid>
<memory>
<currentMemor
<vcpu>2</vcpu>
<os>
<type arch='x86_64' machine=
<boot dev='hd'/>
</os>
<features>
<acpi/>
<apic/>
<pae/>
</features>
<clock offset='utc'/>
<on_poweroff>
<on_reboot>
<on_crash>
<devices>
<emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/
<target dev='vda' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</disk>
<disk type='file' device='cdrom'>
<driver name='qemu' type='raw'/>
<source file='/
<target dev='hdc' bus='ide'/>
<readonly/>
<address type='drive' controller='0' bus='1' unit='0'/>
</disk>
<controller type='ide' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
</controller>
<interface type='bridge'>
<mac address=
<source bridge='br0'/>
<target dev='vnet0'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
</interface>
<serial type='pty'>
<target port='0'/>
</serial>
<console type='pty'>
<target port='0'/>
</console>
<input type='tablet' bus='usb'/>
<input type='mouse' bus='ps2'/>
<graphics type='vnc' port='-1' autoport='yes'/>
<video>
<model type='vmvga' vram='32768' heads='1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
</devices>
</domain>
Apparmor profile
-------
aa_change_profile() seems to be part of apparmor. However, the profiles are in place, I guess:
root@meta# cat /etc/apparmor.
#
# This profile is for the domain whose UUID matches this file.
#
#include <tunables/global>
profile libvirt-
#include <abstractions/
#include <libvirt/
}
root@meta# cat /etc/apparmor.
# DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
"/var/
"/var/
"/var/
"/home/
"/home/
# don't audit writes to readonly files
deny "/home/
virt-manager
------------------
As I thought there might be an apparmor-related line missing in the domain configuration, I tried to set up a new domain using virt-manager. However, I get the same error here when the newly created domain is started for the first time.
ProblemType: Bug
DistroRelease: Ubuntu 10.10
Package: libvirt-bin 0.8.1-2ubuntu1
ProcVersionSign
Uname: Linux 2.6.35-7-generic x86_64
NonfreeKernelMo
Architecture: amd64
Date: Wed Jul 14 21:29:32 2010
SourcePackage: libvirt
Status changed to 'Confirmed' because the bug affects multiple users.
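
To triage `type=1400` kernel audit lines like the ones mentioned under "syslog", the following added example (not part of the original report) parses AppArmor audit records from syslog text and summarizes denials per profile. The sample lines, host name, PIDs, paths and UUID are constructed, because the report's own log lines are truncated; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample lines (NOT from the report, whose syslog lines are cut off).
# They follow the kernel's AppArmor audit record layout: type=1400 + key=value pairs.
SAMPLE_SYSLOG = """\
Jul 14 21:31:09 host libvirtd: 21:31:09.931: error : constructed libvirtd message
Jul 14 21:31:10 host kernel: [ 3137.876313] type=1400 audit(1000000000.100:31): apparmor="DENIED" operation="change_profile" pid=4242 profile="/usr/sbin/libvirtd" name="libvirt-00000000-0000-0000-0000-000000000000"
Jul 14 21:31:10 host kernel: [ 3138.099070] type=1400 audit(1000000000.300:32): apparmor="STATUS" operation="profile_remove" pid=4250 name="libvirt-00000000-0000-0000-0000-000000000000"
Jul 14 21:31:11 host kernel: [ 3139.000000] type=1400 audit(1000000001.000:33): apparmor="DENIED" operation="open" pid=4260 profile="libvirt-00000000-0000-0000-0000-000000000000" name="/constructed/path/disk.img" requested_mask="r" denied_mask="r"
"""

AUDIT_RE = re.compile(r"type=1400 audit\((\d+\.\d+):(\d+)\): (.*)")
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_apparmor_events(text):
    """Return one dict per AppArmor audit record found in syslog text."""
    events = []
    for line in text.splitlines():
        m = AUDIT_RE.search(line)
        if not m:
            continue  # not a type=1400 record (e.g. the libvirtd line)
        fields = {k: quoted or bare for k, quoted, bare in KV_RE.findall(m.group(3))}
        if "apparmor" not in fields:
            continue  # type=1400 record that is not from AppArmor
        fields["timestamp"] = float(m.group(1))
        fields["serial"] = int(m.group(2))
        events.append(fields)
    return events


def summarize_denials(events):
    """Count DENIED records by (confining profile, operation, target name)."""
    return Counter(
        (e.get("profile", "?"), e.get("operation", "?"), e.get("name", "?"))
        for e in events
        if e.get("apparmor") == "DENIED"
    )


def libvirt_domain_events(events):
    """Records whose profile or target is a per-domain libvirt-<UUID> profile."""
    return [
        e for e in events
        if e.get("profile", "").startswith("libvirt-")
        or e.get("name", "").startswith("libvirt-")
    ]


if __name__ == "__main__":
    for key, count in summarize_denials(parse_apparmor_events(SAMPLE_SYSLOG)).items():
        print(count, *key)
```

Running it against the real `/var/log/syslog` shows which profile was confining the process and which operation and target were refused, which is the information the truncated lines above would have carried.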