Bug#886784: linux-image-4.14.0-0.bpo.2-amd64: apparmor blocks libvirtd
Control: reassign -1 libvirt-daemon On Tue, 9 Jan 2018 14:57:24 -0600 (CST) "Russell Mosemann" wrote: > Package: src:linux > Version: 4.14.7-1~bpo9+1 > >* What exactly did you do (or not do) that was effective (or > ineffective)? > > Starting and stopping a vm. > >* What was the outcome of this action? > > The vm goes into "in shutdown" mode. > Entries logged to the journal that apparmor is blocking libvirtd. > >* What outcome did you expect instead? > > vm should shutdown without further ado. > No error messages in the journal. I don't know what the difference is between "shutdown mode" and actually shutting down, but if starting or stopping a VM is blocked by apparmor, I would like to know about it instead of silently failing. Anyway, if this is a bug, then it's one in libvirt-daemon, not the kernel. Reassigning accordingly. signature.asc Description: This is a digitally signed message part.
Bug#886784: linux-image-4.14.0-0.bpo.2-amd64: apparmor blocks libvirtd
Package: src:linux Version: 4.14.7-1~bpo9+1 Severity: important Dear Maintainer, * What led up to the situation? New install of Debian 9.3.0 and linux-image-4.14.0-0.bpo.2-amd64. * What exactly did you do (or not do) that was effective (or ineffective)? Starting and stopping a vm. * What was the outcome of this action? The vm goes into "in shutdown" mode. Entries logged to the journal that apparmor is blocking libvirtd. * What outcome did you expect instead? vm should shutdown without further ado. No error messages in the journal. -- Package-specific info: ** Version: Linux version 4.14.0-0.bpo.2-amd64 (debian-ker...@lists.debian.org) (gcc version 6.3.0 20170516 (Debian 6.3.0-18)) #1 SMP Debian 4.14.7-1~bpo9+1 (2017-12-22) ** Command line: BOOT_IMAGE=/vmlinuz-4.14.0-0.bpo.2-amd64 root=UUID=63791703-1366-4bea-bf20-7362e014a07f ro console=tty0 console=ttyS1,115200n8 quiet ** Not tainted ** Kernel log: Jan 09 14:32:00 vhost003 audit[5200]: AVC apparmor="DENIED" operation="signal" profile="/usr/sbin/libvirtd" pid=5200 comm="libvirtd" requested_mask="send" denied_mask="send" signal=term peer="libvirt-d8a3cbb0-7b2a-4d72-a266-3ff89e7ca4e7" Jan 09 14:32:00 vhost003 audit[5200]: AVC apparmor="DENIED" operation="signal" profile="libvirt-d8a3cbb0-7b2a-4d72-a266-3ff89e7ca4e7 " pid=5200 comm="libvirtd" requested_mask="receive" denied_mask="receive" signal=term peer="/usr/sbin/libvirtd" Jan 09 14:33:40 vhost003 audit[6832]: AVC apparmor="DENIED" operation="open" profile="libvirt-d8a3cbb0-7b2a-4d72-a266-3ff89e7ca4e7" name="/sys/devices/system/node/" pid=6832 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Jan 09 14:33:40 vhost003 kernel: audit: type=1400 audit(1515530020.960:406): apparmor="DENIED" operation="open" profile="libvirt-d8a3cbb0-7b2a-4d72-a266-3ff89e7ca4e7" name="/sys/devices/system/cpu/" pid=6832 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Jan 09 14:33:40 vhost003 audit[6832]: AVC apparmor="DENIED" operation="open" profile="libvirt-d8a3cbb0-7b2a-4d72-a266-3ff89e7ca4e7" name="/sys/module/vhost/parameters/max_mem_regions" pid=6832 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Jan 09 14:33:41 vhost003 audit[6681]: AVC apparmor="DENIED" operation="ptrace" profile="/usr/sbin/libvirtd" pid=6681 comm="libvirtd" requested_mask="trace" denied_mask="trace" peer="libvirt-d8a3cbb0-7b2a-4d72-a266-3ff89e7ca4e7" ** Model information sys_vendor: To Be Filled By O.E.M. product_name: To Be Filled By O.E.M. product_version: To Be Filled By O.E.M. chassis_vendor: To Be Filled By O.E.M. chassis_version: To Be Filled By O.E.M. bios_vendor: American Megatrends Inc. bios_version: P2.30 board_vendor: ASRockRack board_name: EPC612D4I board_version: ** Loaded modules: vhost_net vhost tap tun ocfs2 quota_tree ebtable_filter ebtables ocfs2_dlmfs ocfs2_stack_o2cb ocfs2_dlm ocfs2_nodemanager ocfs2_stackglue configfs ip6table_filter ip6_tables iptable_filter bridge stp llc bonding fuse intel_rapl iTCO_wdt iTCO_vendor_support sb_edac x86_pkg_temp_thermal intel_powerclamp coretemp kvm_intel kvm irqbypass crct10dif_pclmul crc32_pclmul ast ghash_clmulni_intel ttm intel_cstate drm_kms_helper intel_uncore igb lpc_ich drm dca mxm_wmi evdev intel_rapl_perf pcspkr sg i2c_i801 mfd_core i2c_algo_bit e1000e ehci_pci xhci_pci ehci_hcd xhci_hcd mei_me ptp usbcore shpchp pps_core mei usb_common ipmi_si acpi_power_meter ipmi_devintf wmi ipmi_msghandler acpi_pad button drbd lru_cache ip_tables x_tables autofs4 ext4 crc16 mbcache jbd2 fscrypto ecb raid10 raid456 libcrc32c crc32c_generic async_raid6_recov async_memcpy async_pq async_xor xor async_tx sd_mod raid6_pq raid1 raid0 multipath linear md_mod crc32c_intel aesni_intel aes_x86_64 crypto_simd cryptd glue_helper ahci libahci libata scsi_mod ** PCI devices: 00:00.0 Host bridge [0600]: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D DMI2 [8086:6f00] (rev 01) Subsystem: ASRock Incorporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D DMI2 [1849:6f00] Control: I/O- Mem- BusMaster- SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+ Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- 00:01.0 PCI bridge [0604]: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D PCI Express Root Port 1 [8086:6f02] (rev 01) (prog-if 00 [Normal decode]) Control: I/O+ Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- DisINTx+ Status: Cap+ 66MHz- UDF- FastB2B- ParErr- DEVSEL=fast >TAbort- SERR- TAbort- Reset- FastB2B- PriDiscTmr- SecDiscTmr- DiscTmrStat- DiscTmrSERREn- Capabilities: Kernel driver in use: pcieport Kernel modules: shpchp 00:02.0 PCI bridge [0604]: Intel Corporation Xeon E7 v4/Xeon E5 v4/Xeon E3 v4/Xeon D PCI Express Root Port 2 [8086:6f04] (rev 01) (prog-if 00 [Normal decode]) Control: I/O+ Mem+
