Again, replying to myself. It seems that my assessment that AppArmor wasn't interfering was mistaken. Found it in the logs:

Aug 23 22:55:44 pea kernel: [17442.226663] type=1400 audit(1314150944.573:64): apparmor="DENIED" operation="exec" parent=10501 profile="/usr/sbin/libvirtd" name="/usr/libexec/libvirt_lxc" pid=10712 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0

Sorry for all the noise.

-- Stephen

On Aug 23, 2011, at 10:08 PM, Stephen Eilert wrote:

> Answering myself. I've enabled as much logging as possible, and asked libvirt
> to log lxc. This is the result:
>
> 2011-08-23 22:19:08.778: starting up
> PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
> LIBVIRT_DEBUG=1 LIBVIRT_LOG_OUTPUTS=1:syslog:libvirtd
> /usr/libexec/libvirt_lxc --name vm_14 --console 18 --handshake 21
> --background --veth veth1
> 22:19:08.791: 10215: info : libvirt version: 0.9.4
> 22:19:08.791: 10215: debug : virCommandHook:1962 : Hook is done 0
> libvir: error : cannot execute binary /usr/libexec/libvirt_lxc: Permission denied
>
> Still not sure what would prevent libvirt_lxc execution - tested with an
> unprivileged user and it was able to run the binary (but not actually start
> the VMs). The error message seems to indicate that the 'exec' call failed.
> Nothing shows on AppArmor (disabled it) or other logs in general.
>
> -- Stephen
>
> On Aug 23, 2011, at 7:56 PM, Stephen Eilert wrote:
>
>> Hello,
>>
>> I've encountered the following error, trying to start a domain:
>>
>> error: internal error Child process
>> (PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/X11R6/bin
>> LIBVIRT_DEBUG=2 LIBVIRT_LOG_OUTPUTS=2:syslog:libvirtd
>> /usr/libexec/libvirt_lxc --name vm_14 --console 18 --handshake 21
>> --background --veth veth1) status unexpected: exit status 1
>>
>> I see nothing relevant in syslog, Google searches have returned nothing.
>> Starting libvirt_lxc manually seems to work (the process never returns), but
>> of course the VMs do not start.
>>
>> I am at a loss on what to do next. I'm running Ubuntu 10.04, which is itself
>> a guest system running under VirtualBox (host is OSX Lion). I've compiled
>> libvirt from git (using /usr as the --prefix, after removing the OS
>> package), LXC containers are installed from a PPA, as the default Ubuntu
>> kernel doesn't enable network namespaces. LXC itself doesn't appear to be a
>> problem, as I can start VMs with lxc-start. Since I required libvirt's API,
>> using LXC directly is not desirable.
>>
>> Does anyone have any tips on what I should be looking for? Thanks.
>>
>> -- Stephen
>>
>> -- Domain definition follows:
>>
>> <domain type='lxc'>
>>   <name>vm_14</name>
>>   <uuid>9243fb5b-6b26-44af-7408-69c7f2d4ff03</uuid>
>>   <memory>262144</memory>
>>   <currentMemory>262144</currentMemory>
>>   <vcpu>1</vcpu>
>>   <os>
>>     <type arch='x86_64'>exe</type>
>>     <init>/sbin/init</init>
>>   </os>
>>   <clock offset='utc'/>
>>   <on_poweroff>destroy</on_poweroff>
>>   <on_reboot>restart</on_reboot>
>>   <on_crash>preserve</on_crash>
>>   <devices>
>>     <emulator>/usr/libexec/libvirt_lxc</emulator>
>>     <filesystem type='mount' accessmode='passthrough'>
>>       <source dir='/var/lib/lxc/vmpea/rootfs/'/>
>>       <target dir='/'/>
>>       <readonly/>
>>     </filesystem>
>>     <filesystem type='mount' accessmode='passthrough'>
>>       <source dir='/home/lxcadmin/repositories/14'/>
>>       <target dir='/home/lxcmaster'/>
>>     </filesystem>
>>     <interface type='network'>
>>       <mac address='52:54:00:10:7a:e7'/>
>>       <source network='default'/>
>>       <target dev='veth0'/>
>>     </interface>
>>     <console type='pty'>
>>       <target type='serial' port='0'/>
>>     </console>
>>   </devices>
>> </domain>
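Added example, not part of the original thread and not libvirt or AppArmor project code: a small parser that pulls AppArmor "DENIED" audit records out of kernel log text and groups them by confined profile, so an exec denial like the one quoted above stands out. The function names parse_denials and summarize are hypothetical, and every sample line except the first is constructed.

```python
import re
from collections import Counter
from datetime import datetime, timezone

# Constructed sample: line 1 is the denial quoted in the thread; lines 2-4 are
# made up (a complain-mode ALLOWED event, a hex-encoded name, unrelated noise).
SAMPLE_LOG = """\
Aug 23 22:55:44 pea kernel: [17442.226663] type=1400 audit(1314150944.573:64): apparmor="DENIED" operation="exec" parent=10501 profile="/usr/sbin/libvirtd" name="/usr/libexec/libvirt_lxc" pid=10712 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
Aug 23 22:55:45 pea kernel: [17443.100000] type=1400 audit(1314150945.100:65): apparmor="ALLOWED" operation="open" parent=1 profile="/usr/sbin/example" name="/etc/example.conf" pid=200 comm="example" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 23 22:55:46 pea kernel: [17444.000000] type=1400 audit(1314150946.000:66): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/example" name=2F746D702F6D792066696C65 pid=201 comm="example" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Aug 23 22:55:47 pea kernel: [17445.000000] eth0: link up
"""

AUDIT = re.compile(r"audit\((\d+)\.\d+:(\d+)\):\s*(.*)$")
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX = re.compile(r"(?:[0-9A-Fa-f]{2})+")

def _value(key, quoted, bare):
    # The audit subsystem hex-encodes strings containing spaces, quotes or
    # control characters and emits them without quotes; decode those.
    if bare and key in ("name", "comm", "profile") and HEX.fullmatch(bare):
        return bytes.fromhex(bare).decode("utf-8", "replace")
    return bare or quoted

def parse_denials(text):
    """Return one dict per apparmor="DENIED" audit record found in text."""
    denials = []
    for line in text.splitlines():
        m = AUDIT.search(line)
        if not m:
            continue
        rec = {k: _value(k, q, b) for k, q, b in KV.findall(m.group(3))}
        if rec.get("apparmor") != "DENIED":
            continue  # skip complain-mode ALLOWED events and other audit types
        rec["time_utc"] = datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc).isoformat()
        rec["serial"] = int(m.group(2))
        denials.append(rec)
    return denials

def summarize(denials):
    """Count denials per (profile, operation, target path, denied mask)."""
    return Counter((d.get("profile"), d.get("operation"), d.get("name"),
                    d.get("denied_mask")) for d in denials)

if __name__ == "__main__":
    for (profile, op, name, mask), n in summarize(parse_denials(SAMPLE_LOG)).items():
        print(f"{n}x profile={profile} op={op} target={name} denied={mask}")
```

The profile field names the confined process (here libvirtd) and name is the path it was refused, which is the pairing to look at when a child binary fails with "Permission denied" despite correct file permissions.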