[Bug 1618592] [NEW] libvirt daemon fails to start when security driver changed in qemu.conf

Launchpad Bug Tracker 1618592 at bugs.launchpad.net
Wed Aug 31 16:37:50 UTC 2016 

You have been subscribed to a public bug by Ubuntu Foundations Team Bug Bot (crichton):

== Comment: #0 - Satheesh Rajendran <satheera at in.ibm.com> - 2016-08-29 05:28:08 ==
---Problem Description---
libvirt daemon fails to start when security driver changed in qemu.conf
 
Contact Information = satheera at in.ibm.com 
 
---uname output---
Linux ltc-test-ci1 4.4.0-9134-generic #53-Ubuntu SMP Thu Aug 18 05:21:43 UTC 2016 ppc64le ppc64le ppc64le GNU/Linux
 
Machine Type = power 8 ppc64le 
 
---Debugger---
A debugger is not configured
 
---Steps to Reproduce---
 1. Change "security_driver" in /etc/libvirt/qemu.conf into any of the value(none, apparmor, selinux) libvirt daemon fails to start

# grep ^security_driver /etc/libvirt/qemu.conf 
security_driver = ["none"]

#service libvirtd restart
# service libvirtd status
? libvirtd.service - Virtualization daemon
   Loaded: loaded (/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
   Active: inactive (dead) since Mon 2016-08-29 04:06:15 CDT; 6s ago
     Docs: man:libvirtd(8)
           http://libvirt.org
  Process: 61097 ExecStart=/usr/sbin/libvirtd $libvirtd_opts (code=exited, status=0/SUCCESS)
 Main PID: 61097 (code=exited, status=0/SUCCESS)
    Tasks: 2
   Memory: 57.5M
      CPU: 702ms
   CGroup: /system.slice/libvirtd.service
           ??4070 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
           ??4071 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper

Aug 29 04:06:14 ltc-test-ci1 systemd[1]: Starting Virtualization daemon...
Aug 29 04:06:14 ltc-test-ci1 systemd[1]: Started Virtualization daemon.
Aug 29 04:06:15 ltc-test-ci1 dnsmasq[4070]: read /etc/hosts - 5 addresses
Aug 29 04:06:15 ltc-test-ci1 dnsmasq[4070]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses
Aug 29 04:06:15 ltc-test-ci1 dnsmasq-dhcp[4070]: read /var/lib/libvirt/dnsmasq/default.hostsfile
Aug 29 04:06:15 ltc-test-ci1 libvirtd[61097]: libvirt version: 2.1.0, package: 1ubuntu3 (Stefan Bader <stefan.bader at canonical.com> Wed, 17 Aug 2016 18:31:01 +0200)
Aug 29 04:06:15 ltc-test-ci1 libvirtd[61097]: hostname: ltc-test-ci1.aus.stglabs.ibm.com
Aug 29 04:06:15 ltc-test-ci1 libvirtd[61097]: configuration file syntax error: Duplicate security driver none---------------------------------------------------------------------------------------------------------------------------------------------NOK
Aug 29 04:06:15 ltc-test-ci1 libvirtd[61097]: Initialization of QEMU state driver failed: configuration file syntax error: Duplicate security driver none
Aug 29 04:06:15 ltc-test-ci1 libvirtd[61097]: Driver state initialization failed


# grep ^security_driver /etc/libvirt/qemu.conf 
security_driver = ["apparmor"]

#service libvirtd restart
# service libvirtd status
...
Aug 29 04:02:34 ltc-test-ci1 libvirtd[61015]: configuration file syntax error: Duplicate security driver apparmor

grep ^security_driver /etc/libvirt/qemu.conf 
security_driver = ["selinux"]

#service libvirtd restart
# service libvirtd status
...
Aug 29 04:08:30 ltc-test-ci1 libvirtd[61171]: configuration file syntax error: Duplicate security driver selinux

# grep ^security_driver /etc/libvirt/qemu.conf 
security_driver = "selinux"

#service libvirtd restart
# service libvirtd status
...
Aug 29 04:09:30 ltc-test-ci1 libvirtd[61241]: configuration file syntax error: Duplicate security driver selinux


# grep ^security_driver /etc/libvirt/qemu.conf 
security_driver = "apparmor"

#service libvirtd restart
# service libvirtd status
...
Aug 29 04:11:46 ltc-test-ci1 libvirtd[61309]: configuration file syntax error: Duplicate security driver apparmor


LIbvirt daemon only starts if the security_driver option is disabled in config file

# grep ^#security_driver /etc/libvirt/qemu.conf 
#security_driver = "none"
# service libvirtd restart
# service libvirtd status
? libvirtd.service - Virtualization daemon
   Loaded: loaded (/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
   Active: active (running) since Mon 2016-08-29 04:26:26 CDT; 7s ago



Userspace tool common name: ii  libvirt-bin                          2.1.0-1ubuntu3                      ppc64el      programs for the libvirt library 
 
The userspace tool has the following bit modes: both 

Userspace rpm: ii  libvirt-bin                          2.1.0-1ubuntu3
ppc64el      programs for the libvirt library

Userspace tool obtained from project website:  na 
 
*Additional Instructions for satheera at in.ibm.com: 
-Post a private note with access information to the machine that the bug is occuring on.
-Attach ltrace and strace of userspace application.

== Comment: #2 - Gary M. Gaydos <gmgaydos at us.ibm.com> - 2016-08-29 10:01:17 ==
It looks like this known bug:  https://www.mail-archive.com/libvir-list@redhat.com/msg133931.html

** Affects: libvirt (Ubuntu)
     Importance: High
     Assignee: Jon Grimm (jgrimm)
         Status: In Progress


** Tags: architecture-ppc64le bugnameltc-145676 patch severity-high targetmilestone-inin1610
-- 
libvirt daemon fails to start when security driver changed in qemu.conf
https://bugs.launchpad.net/bugs/1618592
You received this bug notification because you are a member of Ubuntu Sponsors Team, which is subscribed to the bug report.

More information about the Ubuntu-sponsors mailing list