[Bug 431090] Re: libvirt apparmor profile is preventing libvirt from running eucalyptus VMs
Daniel Nurmi
dnurmi at gmail.com
Thu Sep 17 19:11:58 BST 2009
Jamie, thank you for taking a look here. First, after your response,
I've been able to modify /etc/apparmor.d/abstractions/libvirt-qemu with
the following:

  /var/lib/eucalyptus/instances/**/console.log w,
  /var/lib/eucalyptus/instances/**/kernel r,
  /var/lib/eucalyptus/instances/**/ramdisk r,

in order to allow the NC to start a VM. I believe that kernel can
always be 'r' only, but I'm not 100% sure about the initrc (ramdisk).
It may be the case that some VMs could potentially modify the initrd on
boot.
Regarding pidfile, monitor, log file:
from the commandline -
/usr/bin/kvm -S -M pc-0.11 -m 128 -smp 1 -name i-4CFC08E8 -uuid
9f141023-980c-0577-d143-72fcd2d8b7f1 -nographic -monitor
unix:/var/run/libvirt/qemu/i-4CFC08E8.monitor,server,nowait -boot c
-kernel /var/lib/eucalyptus/instances/admin/i-4CFC08E8/kernel -initrd
/var/lib/eucalyptus/instances/admin/i-4CFC08E8/ramdisk -append
root=/dev/sda1 console=ttyS0 -drive
file=/var/lib/eucalyptus/instances/admin/i-4CFC08E8/disk,if=scsi,index=0,boot=on
-net nic,macaddr=d0:0d:4c:fc:08:e8,vlan=0,model=e1000,name=e1000.0 -net
tap,fd=17,vlan=0,name=tap.0 -serial
file:/var/lib/eucalyptus/instances/admin/i-4CFC08E8/console.log
-parallel none -usb
I at least see the monitor file path
(/var/run/libvirt/qemu/i-4CFC08E8.monitor); libvirt doesn't appear to be
specifying a pid or logfile path, and so I believe they are going to
their default location(s). I can at least confirm that the logfile is
being dropped in /var/log/libvirt/qemi//i-4CFC08E8.log (cannot confirm
pidfile because the process is dying right away).
example libvirt dumpxml:
Connecting to uri: qemu:///system
<domain type='kvm' id='7'>
  <name>i-516E092C</name>
  <uuid>443555e4-42a5-d231-8bf6-4f862cf33bf9</uuid>
  <memory>131072</memory>
  <currentMemory>131072</currentMemory>
  <vcpu>1</vcpu>
  <os>
    <type arch='x86_64' machine='pc-0.11'>hvm</type>
    <kernel>/var/lib/eucalyptus/instances/admin/i-516E092C/kernel</kernel>
    <initrd>/var/lib/eucalyptus/instances/admin/i-516E092C/ramdisk</initrd>
    <cmdline>root=/dev/sda1 console=ttyS0</cmdline>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/bin/kvm</emulator>
    <disk type='file' device='disk'>
      <source file='/var/lib/eucalyptus/instances/admin/i-516E092C/disk'/>
      <target dev='sda' bus='scsi'/>
    </disk>
    <interface type='bridge'>
      <mac address='d0:0d:51:6e:09:2c'/>
      <source bridge='br0'/>
      <target dev='vnet0'/>
      <model type='e1000'/>
    </interface>
    <serial type='file'>
      <source path='/var/lib/eucalyptus/instances/admin/i-516E092C/console.log'/>
      <target port='0'/>
    </serial>
    <console type='file'>
      <source path='/var/lib/eucalyptus/instances/admin/i-516E092C/console.log'/>
      <target port='0'/>
    </console>
  </devices>
</domain>
Regards
--
libvirt apparmor profile is preventing libvirt from running eucalyptus VMs
https://bugs.launchpad.net/bugs/431090
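
Added example (not part of the original message, and not libvirt's or Eucalyptus's own code): instead of the `**` wildcard rules, the file rules for one guest can be derived from its domain XML, so the confinement names only the files that guest uses. The function names, the rw default for disks, and the rejection of glob characters are assumptions of this sketch; the sample XML is constructed from the dumpxml above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the dumpxml from the message, trimmed to its file-backed parts.
BASE = "/var/lib/eucalyptus/instances/admin/i-516E092C"
DOMAIN_XML = f"""<domain type='kvm'>
  <os>
    <kernel>{BASE}/kernel</kernel>
    <initrd>{BASE}/ramdisk</initrd>
  </os>
  <devices>
    <disk type='file' device='disk'><source file='{BASE}/disk'/></disk>
    <serial type='file'><source path='{BASE}/console.log'/></serial>
    <console type='file'><source path='{BASE}/console.log'/></console>
  </devices>
</domain>"""

UNSAFE = set('*?[]{}^,"')  # AppArmor glob/rule syntax; would widen or break a rule

def _checked(path):
    # Accept only absolute, literal paths so XML content cannot widen the rule.
    if (not path.startswith("/") or ".." in path.split("/")
            or UNSAFE & set(path) or any(c.isspace() for c in path)):
        raise ValueError(f"refusing to emit a rule for {path!r}")
    return path

def apparmor_rules(domain_xml, writable_initrd=False):
    """Return sorted AppArmor file rules for the files a domain definition names."""
    root = ET.fromstring(domain_xml)
    perms = {}  # path -> set of permission letters

    def grant(path, mode):
        if path:
            perms.setdefault(_checked(path), set()).update(mode)

    grant(root.findtext("os/kernel"), "r")
    # The message is unsure whether a guest may modify its initrd; default to r.
    grant(root.findtext("os/initrd"), "rw" if writable_initrd else "r")
    for disk in root.iterfind("devices/disk[@type='file']"):
        src = disk.find("source")
        # Assumption of this sketch: rw unless the disk carries <readonly/>.
        mode = "r" if disk.find("readonly") is not None else "rw"
        grant(src.get("file") if src is not None else None, mode)
    for dev in root.iterfind("devices/*[@type='file']"):
        if dev.tag in ("serial", "console"):
            src = dev.find("source")
            grant(src.get("path") if src is not None else None, "w")
    return [f"{p} {''.join(sorted(m))}," for p, m in sorted(perms.items())]
```

The serial and console devices point at the same console.log, so they collapse into a single `w` rule.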