[Bug 1204616] [NEW] AppArmor profile libvirt is incomplete

Wido den Hollander wido at widodh.nl
Wed Jul 24 18:30:55 UTC 2013

Public bug reported:

I'm using the Ubuntu Cloud Archive and I'm encountering a incomplete
libvirt AppArmor profile.

My libvirtd.log is showing lines like this:

2013-07-24 13:41:35.254+0000: 2995: warning : virAuditSend:135 : Failed
to send audit message virt=kvm op=start reason=booted vm="r-1163-VM"
uuid=1060bdc3-d77a-35f3-a8ef-696c0aef0b42 vm-pid=5121: Operation not

This is due to "audit_write" missing as a capability in the AppArmor
profile for libvirtd.

The simple fix is to add this line:

capability audit_write

In /etc/apparmor.d/usr.sbin.libvirtd

This is with libvirt 1.0.6 from the Havana repository.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: nova-compute (not installed)
ProcVersionSignature: Ubuntu 3.2.0-49.75-generic 3.2.46
Uname: Linux 3.2.0-49-generic x86_64
NonfreeKernelModules: fglrx
ApportVersion: 2.0.1-0ubuntu17.3
Architecture: amd64
Date: Wed Jul 24 20:27:55 2013
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
MarkForUpload: True
 PATH=(custom, no user)
SourcePackage: nova
UpgradeStatus: Upgraded to precise on 2012-04-21 (459 days ago)

** Affects: nova (Ubuntu)
     Importance: Undecided
         Status: New

** Tags: amd64 apport-bug precise running-unity

You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.

  AppArmor profile libvirt is incomplete

To manage notifications about this bug go to:

More information about the Ubuntu-server-bugs mailing list