[Bug 496163] [NEW] virsh's "define" does not create apparmor profiles

[dp]

Public bug reported:

I downloaded a VMWare Appliance. I convertet the disk image to qcow2
using qemu-img convert and copied the result to
/var/lib/libvirt/images/mydisk.img. I converted the .vmx file using
"vmware2libvirt" and stored the output in a temporary file. I update the
device file to point to the image previously created in /var/... .  I
ran "virsh" and used "define myvm.libvirt" to define the VM.

When I run "start NameOfMyVM", virsh gives me the following error:

Fehler: Domain NameOfMyVM konnte nicht gestartet werden
Fehler: could not remove profile for 'libvirt-d7d7500b-ebb1-4204-964b-ef44b4014030'

tail'ing /var/log/syslog, I get the following:

Dec 13 13:22:18 hobbes NetworkManager:    SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/vnet0, iface: vnet0)
Dec 13 13:22:18 hobbes NetworkManager:    SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/vnet0, iface: vnet0): no ifupdown configuration found.
Dec 13 13:22:18 hobbes NetworkManager: <WARN>  device_creator(): /sys/devices/virtual/net/vnet0: couldn't determine device driver; ignoring...
Dec 13 13:22:18 hobbes kernel: [10456.128148] device vnet0 entered promiscuous mode
Dec 13 13:22:18 hobbes kernel: [10456.128552] virbr0: topology change detected, propagating
Dec 13 13:22:18 hobbes kernel: [10456.128556] virbr0: port 1(vnet0) entering forwarding state
Dec 13 13:22:18 hobbes libvirtd: 13:22:18.771: error : virSecurityReportError:108 : error calling aa_change_profile()
Dec 13 13:22:18 hobbes libvirtd: 13:22:18.771: error : qemudSecurityHook:1790 : internal error Failed to set security label
Dec 13 13:22:18 hobbes libvirtd: 13:22:18.778: error : virExecDaemonize:678 : internal error Intermediate daemon process exited with status 1.
Dec 13 13:22:18 hobbes kernel: [10456.173247] virbr0: port 1(vnet0) entering disabled state
Dec 13 13:22:18 hobbes NetworkManager:    SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/vnet0, iface: vnet0)
Dec 13 13:22:18 hobbes kernel: [10456.213150] device vnet0 left promiscuous mode
Dec 13 13:22:18 hobbes kernel: [10456.213160] virbr0: port 1(vnet0) entering disabled state
Dec 13 13:22:18 hobbes libvirtd: 13:22:18.886: error : qemudReadLogOutput:816 : internal error Process exited while reading console log output
Dec 13 13:22:18 hobbes libvirtd: 13:22:18.886: error : qemudWaitForMonitor:1103 : internal error unable to start guest: libvir: Security Labeling error : error calling aa_change_profile()#012libvir: QEMU error : internal error Failed to set security label#012
Dec 13 13:22:18 hobbes libvirtd: 13:22:18.905: error : virRun:833 : internal error '/usr/bin/virt-aa-helper -R -u libvirt-d7d7500b-ebb1-4204-964b-ef44b4014030' exited with non-zero status 1 and signal 0: virt-aa-helper: error: profile does not exist#012
Dec 13 13:22:18 hobbes libvirtd: 13:22:18.905: error : virSecurityReportError:108 : could not remove profile for 'libvirt-d7d7500b-ebb1-4204-964b-ef44b4014030'

When googling for these errors I found several bigreports regarding
libvort and apparmor, all of which are marked as fixed. Looking at
/etc/apparmor.d/libvirt I found that no apparmor profile for the new VM
was created.

I previoisly created a working kvm-VM from scratch (read: install OS
from iso-image) using virt-manager (the GUI).

ProblemType: Bug
Architecture: amd64
Date: Sun Dec 13 13:07:06 2009
DistroRelease: Ubuntu 9.10
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release Candidate amd64 (20091020.3)
Package: libvirt-bin 0.7.0-1ubuntu13.1
ProcEnviron:
 SHELL=/bin/bash
 LANG=de_DE.UTF-8
 LANGUAGE=
ProcVersionSignature: Ubuntu 2.6.31-16.53-generic
SourcePackage: libvirt
Uname: Linux 2.6.31-16-generic x86_64

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug

-- 
virsh's "define" does not create apparmor profiles
https://bugs.launchpad.net/bugs/496163
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.