[Bug 431090] Re: libvirt apparmor profile is preventing libvirt from running eucalyptus VMs

Daniel Nurmi dnurmi at gmail.com
Thu Sep 17 19:11:58 BST 2009


Jamie, thank you for taking a look here.  First, after your response,
I've been able to modify /etc/apparmor.d/abstractions/libvirt-qemu with
the following:


  /var/lib/eucalyptus/instances/**/console.log w,
  /var/lib/eucalyptus/instances/**/kernel r,
  /var/lib/eucalyptus/instances/**/ramdisk r,

in order to allow the NC to start a VM.  I believe that kernel can
always be 'r' only, but I'm not 100% sure about the initrd (ramdisk).
It may be the case that some VMs could potentially modify the initrd on
boot.

Regarding pidfile, monitor, log file:

from the commandline -

/usr/bin/kvm -S -M pc-0.11 -m 128 -smp 1 -name i-4CFC08E8 -uuid
9f141023-980c-0577-d143-72fcd2d8b7f1 -nographic -monitor
unix:/var/run/libvirt/qemu/i-4CFC08E8.monitor,server,nowait -boot c
-kernel /var/lib/eucalyptus/instances/admin/i-4CFC08E8/kernel -initrd
/var/lib/eucalyptus/instances/admin/i-4CFC08E8/ramdisk -append
root=/dev/sda1 console=ttyS0 -drive
file=/var/lib/eucalyptus/instances/admin/i-4CFC08E8/disk,if=scsi,index=0,boot=on
-net nic,macaddr=d0:0d:4c:fc:08:e8,vlan=0,model=e1000,name=e1000.0 -net
tap,fd=17,vlan=0,name=tap.0 -serial
file:/var/lib/eucalyptus/instances/admin/i-4CFC08E8/console.log
-parallel none -usb

I at least see the monitor file path
(/var/run/libvirt/qemu/i-4CFC08E8.monitor). libvirt doesn't appear to be
specifying a pid or logfile path, and so I believe they are going to
their default location(s).  I can at least confirm that the logfile is
being dropped in /var/log/libvirt/qemi//i-4CFC08E8.log (cannot confirm
pidfile because the process is dying right away).

example libvirt dumpxml:

Connecting to uri: qemu:///system
<domain type='kvm' id='7'>
  <name>i-516E092C</name>
  <uuid>443555e4-42a5-d231-8bf6-4f862cf33bf9</uuid>
  <memory>131072</memory>
  <currentMemory>131072</currentMemory>
  <vcpu>1</vcpu>
  <os>
    <type arch='x86_64' machine='pc-0.11'>hvm</type>
    <kernel>/var/lib/eucalyptus/instances/admin/i-516E092C/kernel</kernel>
    <initrd>/var/lib/eucalyptus/instances/admin/i-516E092C/ramdisk</initrd>
    <cmdline>root=/dev/sda1 console=ttyS0</cmdline>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/bin/kvm</emulator>
    <disk type='file' device='disk'>
      <source file='/var/lib/eucalyptus/instances/admin/i-516E092C/disk'/>
      <target dev='sda' bus='scsi'/>
    </disk>
    <interface type='bridge'>
      <mac address='d0:0d:51:6e:09:2c'/>
      <source bridge='br0'/>
      <target dev='vnet0'/>
      <model type='e1000'/>
    </interface>
    <serial type='file'>
      <source path='/var/lib/eucalyptus/instances/admin/i-516E092C/console.log'/>
      <target port='0'/>
    </serial>
    <console type='file'>
      <source path='/var/lib/eucalyptus/instances/admin/i-516E092C/console.log'/>
      <target port='0'/>
    </console>
  </devices>
</domain>

Regards

-- 
libvirt apparmor profile is preventing libvirt from running eucalyptus VMs
https://bugs.launchpad.net/bugs/431090
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to eucalyptus in ubuntu.
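
Added example, not part of the original message and not libvirt's or Eucalyptus's own code: a sketch that derives per-instance AppArmor file rules from a domain XML like the dumpxml above, as a narrower alternative to the `**` globs. The function name, the embedded sample (constructed by trimming the quoted dumpxml) and the `rw` default for disks are assumptions; the kernel, ramdisk and console.log modes follow the message.

```python
import xml.etree.ElementTree as ET

# Constructed sample, trimmed from the dumpxml quoted in the message above.
SAMPLE_DOMAIN_XML = """\
<domain type='kvm'>
  <os>
    <kernel>/var/lib/eucalyptus/instances/admin/i-516E092C/kernel</kernel>
    <initrd>/var/lib/eucalyptus/instances/admin/i-516E092C/ramdisk</initrd>
  </os>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/eucalyptus/instances/admin/i-516E092C/disk'/>
    </disk>
    <serial type='file'>
      <source path='/var/lib/eucalyptus/instances/admin/i-516E092C/console.log'/>
    </serial>
    <console type='file'>
      <source path='/var/lib/eucalyptus/instances/admin/i-516E092C/console.log'/>
    </console>
  </devices>
</domain>
"""

def apparmor_rules(domain_xml):
    """Return sorted AppArmor file rules for the paths a domain references."""
    root = ET.fromstring(domain_xml)
    perms = {}  # path -> set of permission letters
    def grant(path, mode):
        # Reject relative paths and AppArmor glob/syntax characters so that
        # a crafted domain definition cannot widen the generated profile.
        if not path or not path.startswith("/") or any(c in path for c in '*?[]{}^,"\n '):
            raise ValueError("unsafe path in domain XML: %r" % path)
        perms.setdefault(path, set()).update(mode)

    for tag in ("os/kernel", "os/initrd"):
        for el in root.findall(tag):
            grant(el.text, "r")  # read-only, as in the rules in the message
    for disk in root.findall("devices/disk[@type='file']"):
        src = disk.find("source")
        if src is not None:
            # Assumption: writable unless the disk is marked <readonly/>.
            grant(src.get("file"), "r" if disk.find("readonly") is not None else "rw")
    for kind in ("serial", "console"):
        for dev in root.findall("devices/%s[@type='file']/source" % kind):
            grant(dev.get("path"), "w")  # console.log is write-only
    return ["  %s %s," % (p, "".join(sorted(m))) for p, m in sorted(perms.items())]

if __name__ == "__main__":
    print("\n".join(apparmor_rules(SAMPLE_DOMAIN_XML)))
```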


