[Bug 448671] [NEW] apparmor breaks kvm

Sheldon Hearn sheldonh at starjuice.net
Sun Oct 11 12:52:00 UTC 2009 

Public bug reported:

Binary package hint: apparmor

We set up a new KVM server and thought we'd try Ubuntu 9.10 Beta amd64.

While trying to create a new kvm virtual machine with virsh create, we
received the following error on stderr:

# virsh create manage6.hetzner.africa.xml
Connecting to uri: qemu:///system
error: Failed to create domain from manage6.hetzner.africa.xml
error: could not remove profile for 'libvirt-fc18ccb7-fcd5-9847-724b-7a95a4020899'

In /var/log/syslog, we found:

Oct  7 11:18:18 manage0 kernel: [ 1174.735787] type=1505 audit(1254907098.103:22): operation="profile_load" pid=2976 name=/usr/sbin/libvirtd
Oct  7 11:18:18 manage0 kernel: [ 1174.770796] type=1505 audit(1254907098.139:23): operation="profile_load" pid=2978 name=/usr/bin/virt-aa-helper
Oct  7 15:23:59 manage0 libvirtd: 15:23:59.260: error : virSecurityReportError:108 : error calling aa_change_profile()
Oct  7 15:23:59 manage0 libvirtd: 15:23:59.260: error : qemudSecurityHook:1790 : internal error Failed to set security label
Oct  7 15:23:59 manage0 libvirtd: 15:23:59.261: error : virExecDaemonize:678 : internal error Intermediate daemon process exited with status 1.
Oct  7 15:23:59 manage0 kernel: [  641.172840] tun: Universal TUN/TAP device driver, 1.6
Oct  7 15:23:59 manage0 kernel: [  641.172843] tun: (C) 1999-2004 Max Krasnyansky <maxk at qualcomm.com>
Oct  7 15:23:59 manage0 kernel: [  641.173835] device vnet0 entered promiscuous mode
Oct  7 15:23:59 manage0 kernel: [  641.174924] br0: port 2(vnet0) entering forwarding state
Oct  7 15:23:59 manage0 kernel: [  641.175946] __ratelimit: 42 callbacks suppressed
Oct  7 15:23:59 manage0 kernel: [  641.175949] type=1503 audit(1254921839.254:26): operation="change_profile" info="profile not found" error=-2 pid=2159 parent=1835 profile="/usr/sbin/libvirtd" name="libvirt-29112815-1900-9027-26b3-19a1f9126658" name2="default"
Oct  7 15:23:59 manage0 libvirtd: 15:23:59.374: error : qemudReadLogOutput:816 : internal error Process exited while reading console log output
Oct  7 15:23:59 manage0 libvirtd: 15:23:59.374: error : qemudWaitForMonitor:1103 : internal error unable to start guest: libvir: Security Labeling error : error calling aa_change_profile()#012libvir: QEMU error : internal error Failed to set security label#012
Oct  7 15:23:59 manage0 libvirtd: 15:23:59.378: error : virRun:833 : internal error '/usr/bin/virt-aa-helper -R -u libvirt-29112815-1900-9027-26b3-19a1f9126658' exited with non-zero status 1 and signal 0: virt-aa-helper: error: profile does not exist#012
Oct  7 15:23:59 manage0 libvirtd: 15:23:59.378: error : virSecurityReportError:108 : could not remove profile for 'libvirt-29112815-1900-9027-26b3-19a1f9126658'
Oct  7 15:24:04 manage0 libvirtd: 15:24:04.531: error : virSecurityReportError:108 : error calling aa_change_profile()
Oct  7 15:24:04 manage0 libvirtd: 15:24:04.531: error : qemudSecurityHook:1790 : internal error Failed to set security label
Oct  7 15:24:04 manage0 libvirtd: 15:24:04.532: error : virExecDaemonize:678 : internal error Intermediate daemon process exited with status 1.

The same XML file, image and command-line invocation work on Ubuntu 9.04
x86, which is what we rolled back to, pretty much immediately. So if it
works for you, assume we got something wrong and close the bug. But it's
probably worth someone confirming that 9.10 supports libvirt+KVM. :-)

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

-- 
apparmor breaks kvm
https://bugs.launchpad.net/bugs/448671
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

More information about the universe-bugs mailing list