[Bug 607466] Re: libvirt error starting domin: could not remove profile for

Bryan McLellan btm at loftninjas.org
Fri Aug 13 00:50:59 BST 2010


Actually, it does look like an AppArmor problem. Putting AppArmor in
complain mode allows the domain to start, returning it to enforce brings
back the original state.

root@iadvirt02:~# aa-complain /etc/apparmor.d/usr.sbin.libvirtd
Setting /etc/apparmor.d/usr.sbin.libvirtd to complain mode.
root@iadvirt02:~# virsh start iadoptdc02
Domain iadoptdc02 started
root@iadvirt02:~# virsh destroy iadoptdc02
Domain iadoptdc02 destroyed

root@iadvirt02:~# aa-enforce /etc/apparmor.d/usr.sbin.libvirtd
Setting /etc/apparmor.d/usr.sbin.libvirtd to enforce mode.
root@iadvirt02:~# virsh start iadoptdc02
error: Failed to start domain iadoptdc02
error: could not remove profile for 'libvirt-177bb534-7d9c-91ad-e6bf-89cd76d1e1bb'

audit log:

Aug 12 23:48:15 iadvirt02 kernel: [ 1658.487839] type=1505 audit(1281656895.909:705):  operation="profile_replace" pid=11447 name="/usr/sbin/libvirtd"
Aug 12 23:48:20 iadvirt02 kernel: [ 1663.423350] device vnet0 entered promiscuous mode
Aug 12 23:48:20 iadvirt02 kernel: [ 1663.425192] br0.54: port 2(vnet0) entering forwarding state
Aug 12 23:48:20 iadvirt02 kernel: [ 1663.426730] type=1502 audit(1281656900.859:706):  operation="chown" pid=11458 parent=1 profile="/usr/sbin/libvirtd//null-1a" requested_mask="w::" denied_mask="w::" fsuid=0 ouid=0 name="/var/lib/libvirt/images/iadoptdc02.img"
Aug 12 23:48:20 iadvirt02 kernel: [ 1663.426743] type=1502 audit(1281656900.859:707):  operation="capable" pid=11458 parent=1 profile="/usr/sbin/libvirtd//null-1a" name="chown"
Aug 12 23:48:20 iadvirt02 kernel: [ 1663.426854] type=1502 audit(1281656900.859:708):  operation="open" pid=11458 parent=1 profile="/usr/sbin/libvirtd//null-1a" requested_mask="::r" denied_mask="::r" fsuid=116 ouid=0 name="/proc/11458/status"
Aug 12 23:48:20 iadvirt02 kernel: [ 1663.426996] type=1502 audit(1281656900.859:709):  operation="exec" pid=11458 parent=1 profile="/usr/sbin/libvirtd//null-1a" requested_mask="::x" denied_mask="::x" fsuid=116 ouid=0 name="/usr/bin/qemu-system-x86_64" name2="/usr/sbin/libvirtd//null-1a//null-1b"
Aug 12 23:48:20 iadvirt02 kernel: [ 1663.427400] type=1502 audit(1281656900.859:710):  operation="open" pid=11458 parent=1 profile="/usr/sbin/libvirtd//null-1a//null-1b" requested_mask="::r" denied_mask="::r" fsuid=116 ouid=0 name="/etc/ld.so.cache"
Aug 12 23:48:20 iadvirt02 kernel: [ 1663.427432] type=1502 audit(1281656900.859:711):  operation="open" pid=11458 parent=1 profile="/usr/sbin/libvirtd//null-1a//null-1b" requested_mask="::r" denied_mask="::r" fsuid=116 ouid=0 name="/lib/librt-2.11.1.so"
Aug 12 23:48:20 iadvirt02 kernel: [ 1663.427451] type=1502 audit(1281656900.859:712):  operation="file_mmap" pid=11458 parent=1 profile="/usr/sbin/libvirtd//null-1a//null-1b" requested_mask="::mr" denied_mask="::mr" fsuid=116 ouid=0 name="/lib/librt-2.11.1.so"
Aug 12 23:48:20 iadvirt02 kernel: [ 1663.427492] type=1502 audit(1281656900.859:713):  operation="open" pid=11458 parent=1 profile="/usr/sbin/libvirtd//null-1a//null-1b" requested_mask="::r" denied_mask="::r" fsuid=116 ouid=0 name="/lib/libpthread-2.11.1.so"
Aug 12 23:48:20 iadvirt02 kernel: [ 1663.427507] type=1502 audit(1281656900.859:714):  operation="file_mmap" pid=11458 parent=1 profile="/usr/sbin/libvirtd//null-1a//null-1b" requested_mask="::mr" denied_mask="::mr" fsuid=116 ouid=0 name="/lib/libpthread-2.11.1.so"
Aug 12 23:48:20 iadvirt02 kernel: [ 1663.427553] type=1502 audit(1281656900.859:715):  operation="open" pid=11458 parent=1 profile="/usr/sbin/libvirtd//null-1a//null-1b" requested_mask="::r" denied_mask="::r" fsuid=116 ouid=0 name="/lib/libaio.so.1.0.1"

-- 
libvirt error starting domin: could not remove profile for
https://bugs.launchpad.net/bugs/607466
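
Added example (not part of the original message or of libvirt/AppArmor): a small Python parser that groups the complain-mode audit records from the log above by profile, so it is easy to see which accesses the profile would need to cover in enforce mode. The sample lines are copied from the message; the function names are hypothetical, and the type-number mapping is the kernel's AppArmor audit record types (1501-1506).

```python
import re
from collections import defaultdict

# Sample input: six lines copied from the audit log in the message above.
SAMPLE = """\
Aug 12 23:48:15 iadvirt02 kernel: [ 1658.487839] type=1505 audit(1281656895.909:705):  operation="profile_replace" pid=11447 name="/usr/sbin/libvirtd"
Aug 12 23:48:20 iadvirt02 kernel: [ 1663.423350] device vnet0 entered promiscuous mode
Aug 12 23:48:20 iadvirt02 kernel: [ 1663.426730] type=1502 audit(1281656900.859:706):  operation="chown" pid=11458 parent=1 profile="/usr/sbin/libvirtd//null-1a" requested_mask="w::" denied_mask="w::" fsuid=0 ouid=0 name="/var/lib/libvirt/images/iadoptdc02.img"
Aug 12 23:48:20 iadvirt02 kernel: [ 1663.426743] type=1502 audit(1281656900.859:707):  operation="capable" pid=11458 parent=1 profile="/usr/sbin/libvirtd//null-1a" name="chown"
Aug 12 23:48:20 iadvirt02 kernel: [ 1663.426996] type=1502 audit(1281656900.859:709):  operation="exec" pid=11458 parent=1 profile="/usr/sbin/libvirtd//null-1a" requested_mask="::x" denied_mask="::x" fsuid=116 ouid=0 name="/usr/bin/qemu-system-x86_64" name2="/usr/sbin/libvirtd//null-1a//null-1b"
Aug 12 23:48:20 iadvirt02 kernel: [ 1663.427400] type=1502 audit(1281656900.859:710):  operation="open" pid=11458 parent=1 profile="/usr/sbin/libvirtd//null-1a//null-1b" requested_mask="::r" denied_mask="::r" fsuid=116 ouid=0 name="/etc/ld.so.cache"
"""

# AppArmor audit record types; 1502 (ALLOWED) is what complain mode logs.
AA_TYPES = {1501: "AUDIT", 1502: "ALLOWED", 1503: "DENIED",
            1504: "HINT", 1505: "STATUS", 1506: "ERROR"}
TYPE_RE = re.compile(r'type=(\d+) audit\((\d+\.\d+):(\d+)\)')
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted" or key=bare


def parse_line(line):
    """Return a dict of fields for an AppArmor audit line, or None for other lines."""
    m = TYPE_RE.search(line)
    if not m or int(m.group(1)) not in AA_TYPES:
        return None
    rec = {"type": AA_TYPES[int(m.group(1))], "serial": int(m.group(3))}
    for key, quoted, bare in FIELD_RE.findall(line[m.end():]):
        rec[key] = quoted or bare
    return rec


def summarize(log_text):
    """Map profile -> set of (operation, denied_mask, name) for ALLOWED/DENIED records."""
    needed = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["type"] in ("ALLOWED", "DENIED"):
            needed[rec.get("profile", "?")].add(
                (rec.get("operation", "?"), rec.get("denied_mask", ""), rec.get("name", "")))
    return dict(needed)


if __name__ == "__main__":
    for profile, events in sorted(summarize(SAMPLE).items()):
        # "//null-" profiles are the learning profiles complain mode creates on exec.
        print(profile)
        for op, mask, name in sorted(events):
            print(f"    {op:8} {mask:5} {name}")
```
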