[Bug 579584] Re: setgid, setuid needed by /etc/apparmor.d/abstractions/libvirt-qemu

Thomas Mayer thomas303 at web.de
Wed May 19 17:35:12 BST 2010


Hello,

I just updated from jaunty to karmic and then to lucid.
After that, I had the same problem and I could not boot my images any more. Maybe AppArmor was installed automatically and caused the problem when starting a guest:

error: Failed to start domain 220_trxerdpd330_installtest
error: internal error unable to start guest: libvir: QEMU error : cannot change to '114' group: Operation not permitted

After adding the following lines in /etc/apparmor.d/libvirt-qemu, the problem was solved:
capability setgid,
capability setuid,

The XML of my guest looks like this:

<domain type='kvm'>
  <name>220_trxerdpd330_installtest</name>
  <uuid>87cb0f4f-1d8f-4e8b-2a1f-4cda94aca1ec</uuid>
  <memory>524288</memory>
  <currentMemory>524288</currentMemory>
  <vcpu>2</vcpu>
  <os>
    <type arch='x86_64' machine='pc'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <pae/>
  </features>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/bin/kvm</emulator>
    <disk type='file' device='disk'>
      <source file='/home/vms/220_trxerdpd330_installtest.img'/>
      <target dev='hda' bus='ide'/>
    </disk>
    <disk type='file' device='cdrom'>
      <target dev='hdc' bus='ide'/>
      <readonly/>
    </disk>
    <interface type='bridge'>
      <mac address='00:16:36:4e:bd:fb'/>
      <source bridge='br0'/>
    </interface>
    <serial type='pty'>
      <source path='/dev/pts/4'/>
      <target port='0'/>
    </serial>
    <console type='pty' tty='/dev/pts/4'>
      <source path='/dev/pts/4'/>
      <target port='0'/>
    </console>
    <input type='mouse' bus='ps2'/>
    <graphics type='vnc' port='6220' autoport='no' keymap='de'/>
  </devices>
</domain>

When I mount a read-only CD image, I get similar errors:

I think there are two issues:
1. libvirt should not chown/chgrp/chmod images, especially not read-only images
2. The AppArmor profile should correspond to libvirt.

-- 
setgid, setuid needed by /etc/apparmor.d/abstractions/libvirt-qemu
https://bugs.launchpad.net/bugs/579584
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
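
Added example, not part of the original message and not code from libvirt or AppArmor: a check of whether a profile's text grants the two capabilities the message adds, with `deny` rules taking precedence. It reads only the text it is given and does not follow `#include` lines; the function name and the sample profile are constructed for illustration.

```python
import re

# The two capabilities named in the message above.
REQUIRED = {"setgid", "setuid"}

# One AppArmor capability rule: optional qualifiers, the keyword, an
# optional space-separated capability list, and the terminating comma.
RULE = re.compile(
    r"^\s*(?P<quals>(?:(?:audit|allow|deny)\s+)*)capability\b(?P<caps>[^,]*),"
)

def capability_status(profile_text, required=REQUIRED):
    """Return {capability: 'allowed' | 'denied' | 'missing'} for a profile."""
    allowed, denied = set(), set()
    allow_all = deny_all = False
    for raw in profile_text.splitlines():
        line = raw.split("#", 1)[0]          # drop comments (and #include)
        m = RULE.match(line)
        if not m:
            continue
        caps = set(m.group("caps").split())
        if "deny" in m.group("quals").split():
            if caps:
                denied |= caps
            else:
                deny_all = True              # bare "deny capability,"
        elif caps:
            allowed |= caps
        else:
            allow_all = True                 # bare "capability," grants all
    status = {}
    for cap in sorted(required):
        if deny_all or cap in denied:        # deny overrides allow
            status[cap] = "denied"
        elif allow_all or cap in allowed:
            status[cap] = "allowed"
        else:
            status[cap] = "missing"
    return status

# Constructed sample profile body, not the shipped Ubuntu abstraction.
BEFORE = """
  # capability setgid,   (commented out, so not granted)
  capability dac_override,
  /usr/bin/kvm rmix,
"""
AFTER = BEFORE + "  capability setgid,\n  capability setuid,\n"

if __name__ == "__main__":
    print("before:", capability_status(BEFORE))
    print("after: ", capability_status(AFTER))
```
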


