[Bug 1301516] [NEW] apparmor prevents libvirt from running qemu-system-aarch64
Oleg Strikov
oleg.strikov at canonical.com
Wed Apr 2 17:20:53 UTC 2014
Public bug reported:
While trying to run openstack-nova/libvirt on an arm64 machine we got the
following error:
<libvirtd.log>
2014-04-02 16:08:11.140+0000: 1227: error : qemuProcessWaitForMonitor:1915 : internal error: process exited while connecting to monitor: libvirt: error : cannot execute binary /usr/bin/qemu-system-aarch64: Permission denied
</var/log/kern.log>
Apr 2 12:34:57 ms01a kernel: [ 2133.890335] type=1400 audit(1396456497.933:59): apparmor="DENIED" operation="exec" profile="libvirt-be2523fd-4c0a-43f0-afa9-c46122f2cf81" name="/usr/bin/qemu-system-aarch64" pid=6241 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=111 ouid=0
AppArmor prevents libvirtd from running qemu-system-aarch64 because this binary name is not listed in:
</etc/apparmor.d/abstractions/libvirt-qemu>
<...>
# the various binaries
/usr/bin/kvm rmix,
/usr/bin/qemu rmix,
/usr/bin/qemu-system-arm rmix,
/usr/bin/qemu-system-cris rmix,
/usr/bin/qemu-system-i386 rmix,
<...>
The following patch fixes the issue:
--- libvirt-1.2.2-0/debian/apparmor/libvirt-qemu 2014-04-02 12:51:03.013539000 -0400
+++ libvirt-1.2.2/debian/apparmor/libvirt-qemu 2014-04-02 12:54:18.653539000 -0400
@@ -83,6 +83,7 @@
/usr/bin/kvm rmix,
/usr/bin/qemu rmix,
/usr/bin/qemu-system-arm rmix,
+ /usr/bin/qemu-system-aarch64 rmix,
/usr/bin/qemu-system-cris rmix,
/usr/bin/qemu-system-i386 rmix,
/usr/bin/qemu-system-m68k rmix,
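Review bot: The new /usr/bin/qemu-system-aarch64 entry is inserted after /usr/bin/qemu-system-arm, but the surrounding list is in alphabetical order (arm, cris, i386, m68k) and aarch64 sorts before arm; moving the added line up one position keeps the list sorted, which makes a missing architecture easier to spot later. The rmix mode matches the neighbouring entries and covers the "x" shown in denied_mask in the kern.log record, so the exec itself should need no further permission.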
** Affects: libvirt (Ubuntu)
Importance: Undecided
Status: New
** Tags: hs-arm64
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/1301516
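The check described in the report (is the denied binary covered by a rule in the abstraction?) can be automated. The following is an added example, not part of the original report or of libvirt/AppArmor tooling; the function names are hypothetical, and it assumes only simple "path perms," file rules with the "*", "**" and "?" globs (no deny rules, owner prefixes, or {a,b} alternation).

```python
import re

# Constructed sample input: the kern.log record and the abstraction excerpt
# quoted in the report (assumption: only simple "path perms," rules matter).
AUDIT_LINE = (
    'Apr 2 12:34:57 ms01a kernel: [ 2133.890335] type=1400 '
    'audit(1396456497.933:59): apparmor="DENIED" operation="exec" '
    'profile="libvirt-be2523fd-4c0a-43f0-afa9-c46122f2cf81" '
    'name="/usr/bin/qemu-system-aarch64" pid=6241 comm="libvirtd" '
    'requested_mask="x" denied_mask="x" fsuid=111 ouid=0')
ABSTRACTION = """\
  # the various binaries
  /usr/bin/kvm rmix,
  /usr/bin/qemu rmix,
  /usr/bin/qemu-system-arm rmix,
  /usr/bin/qemu-system-cris rmix,
  /usr/bin/qemu-system-i386 rmix,
"""

def parse_audit(line):
    """Return the key=value fields of an AppArmor audit record as a dict."""
    return {k: v.strip('"') for k, v in re.findall(r'(\w+)=("[^"]*"|\S+)', line)}

def parse_rules(text):
    """Return (path_glob, perms) for each simple 'path perms,' file rule."""
    rules = []
    for raw in text.splitlines():
        m = re.match(r'\s*(/\S*)\s+([a-zA-Z]+),\s*(#.*)?$', raw)
        if m:
            rules.append((m.group(1), m.group(2)))
    return rules

def glob_to_regex(glob):
    """Translate AppArmor globs: '**' crosses '/', '*' and '?' do not."""
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]"}
    parts = re.split(r'(\*\*|\*|\?)', glob)
    return re.compile("".join(table.get(p, re.escape(p)) for p in parts) + r"\Z")

def still_denied(record, rules):
    """Permissions in denied_mask that no matching rule grants."""
    granted = set()
    for glob, perms in rules:
        if glob_to_regex(glob).match(record["name"]):
            # 'ix', 'px', 'ux' and similar all grant exec; keep only the base bits.
            granted |= set(perms.lower()) & set("rwaxmkl")
    return set(record["denied_mask"]) - granted

if __name__ == "__main__":
    rec, rules = parse_audit(AUDIT_LINE), parse_rules(ABSTRACTION)
    print(rec["profile"], rec["name"], "missing:", still_denied(rec, rules))
```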