[Bug 462000] [NEW] apparmor disallows qemu+tcp:// connections

Tue Oct 27 15:00:14 GMT 2009

Public bug reported:

TEST CASE;
1. adjust /etc/libvirt/libvirtd.conf to have:
listen_tls = 0
listen_tcp = 1

2. Restart libvirt in listen mode:
$ sudo /etc/init.d/libvirt-bin stop
$ sudo libvirtd -d --listen

3. see if it worked:
$ virsh qemu+tcp://<ip address of remote libvirtd>/system capabilities
Please enter your authentication name:

If you are prompted for authentication in step #3, then everything is
fine (can't authenticate because we haven't setup sasl).

Currently get the following output from libvirtd in step #2:
14:48:14.916: warning : qemudStartup:521 : Unable to create cgroup for driver: No such device or address
14:48:15.005: warning : lxcStartup:1460 : Unable to create cgroup for driver: No such device or address
14:48:15.017: error : remoteMakeSockets:584 : socket: Permission denied

And in dmesg:
Oct 27 14:48:15 sec-karmic-amd64 kernel: [60424.438021] type=1503 audit(1256654895.009:40): operation="socket_create" pid=15842 parent=11268 profile="/usr/sbin/libvirtd" family="inet6" sock_type="dgram" protocol=0
Oct 27 14:48:15 sec-karmic-amd64 kernel: [60424.438093] type=1503 audit(1256654895.009:41): operation="socket_create" pid=15842 parent=11268 profile="/usr/sbin/libvirtd" family="inet6" sock_type="stream" protocol=6

Need to add the following to the profile:

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: New

-- 
apparmor disallows qemu+tcp:// connections
https://bugs.launchpad.net/bugs/462000
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.