[Bug 1546978] [NEW] apparmor does not allow to run qemu-dm executable
Pablo Orviz
orviz at ifca.unican.es
Thu Feb 18 11:23:24 UTC 2016
Public bug reported:
In a Ubuntu 14.04.1 LTS with Xen 4.4.2
libvirt returns a "permission denied" error when trying to run qemu-dm
executable.
-> /var/log/xen/qemu-dm-instance-0000c40b.log
libxl: cannot execute /usr/lib/xen-4.4/bin/qemu-dm: Permission denied
-> /var/log/kern.log
audit: type=1400 audit(1455787612.609:24): apparmor="DENIED" operation="exec" profile="/usr/sbin/libvirtd" name="/usr/lib/xen-4.4/bin/qemu-dm" pid=9329 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Including the executable in apparmor configuration (under /etc/apparmor.d//etc/apparmor.d/usr.sbin.libvirtd) solves the issue:
/usr/lib/xen-*/bin/pygrub PUx,
+ /usr/lib/xen-*/bin/qemu-dm,
# lsb_release -rd
Description: Ubuntu 14.04.1 LTS
Release: 14.04
libvirt-bin 1.2.12-0ubuntu14.2~cloud0
libvirt0 1.2.12-0ubuntu14.2~cloud0
apparmor 2.8.95~2430-0ubuntu5.3
libapparmor-perl 2.8.95~2430-0ubuntu5.3
libapparmor1:amd64 2.8.95~2430-0ubuntu5.3
xen-utils-4.4 4.4.2-0ubuntu0.14.04.4
** Affects: libvirt (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/1546978
Title:
apparmor does not allow to run qemu-dm executable
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1546978/+subscriptions
More information about the Ubuntu-server-bugs
mailing list