What's the bug you're seeing? What's in the logs (journal, dmesg, syslog, libvirt's logs). Please provide proper information to reproduce. -- Guido
On Sat, Jun 02, 2018 at 01:45:55AM +0300, rem_lex wrote: > Package: libvirt-daemon-system > Version: 3.0.0-4+deb9u3 > Severity: normal > > -- System Information: > Debian Release: 9.4 > APT prefers stable-updates > APT policy: (500, 'stable-updates'), (500, 'stable') > Architecture: amd64 (x86_64) > > Kernel: Linux 4.15.17-2-pve (SMP w/2 CPU cores) > Locale: LANG=ru_UA.UTF-8, LC_CTYPE=ru_UA.UTF-8 (charmap=UTF-8), > LANGUAGE=ru_UA:ru (charmap=UTF-8) > Shell: /bin/sh linked to /bin/dash > Init: systemd (via /run/systemd/system) > > Versions of packages libvirt-daemon-system depends on: > ii adduser 3.115 > ii debconf [debconf-2.0] 1.5.61 > ii gettext-base 0.19.8.1-2 > ii init-system-helpers 1.48 > ii iptables 1.6.0+snapshot20161117-6 > ii libapparmor1 2.11.0-3+deb9u2 > ii libaudit1 1:2.6.7-2 > ii libblkid1 2.29.2-1+deb9u1 > ii libc6 2.24-11+deb9u3 > ii libcap-ng0 0.7.7-3+b1 > ii libdbus-1-3 1.10.26-0+deb9u1 > ii libdevmapper1.02.1 2:1.02.137-pve6 > ii libnl-3-200 3.2.27-2 > ii libnl-route-3-200 3.2.27-2 > ii libnuma1 2.0.11-2.1 > ii librados2 10.2.5-7.2 > ii librbd1 10.2.5-7.2 > ii libselinux1 2.6-3+b3 > ii libvirt-clients 3.0.0-4+deb9u3 > ii libvirt-daemon 3.0.0-4+deb9u3 > ii libvirt0 3.0.0-4+deb9u3 > ii libxml2 2.9.4+dfsg1-2.2+deb9u2 > ii libyajl2 2.1.0-2+b3 > ii logrotate 3.11.0-0.1 > ii lsb-base 9.20161125 > ii policykit-1 0.105-18 > > Versions of packages libvirt-daemon-system recommends: > ii bridge-utils 1.5-13+deb9u1 > ii dmidecode 3.0-4 > ii dnsmasq-base 2.76-5+deb9u1 > ii ebtables 2.0.10.4-3.5+b1 > ii iproute2 4.13.0-3 > ii parted 3.2-17 > > Versions of packages libvirt-daemon-system suggests: > ii apparmor 2.11.0-3+deb9u2 > pn auditd <none> > ii nfs-common 1:1.3.4-2.1 > ii pm-utils 1.4.1-17 > pn radvd <none> > ii systemd 232-25+deb9u3 > pn systemtap <none> > pn zfsutils <none> > > -- Configuration Files: > /etc/apparmor.d/usr.sbin.libvirtd changed: > @{LIBVIRT}="libvirt" > /usr/sbin/libvirtd flags=(attach_disconnected) { > #include <abstractions/base> > #include <abstractions/dbus> > capability kill, > capability net_admin, > capability net_raw, > capability setgid, > capability sys_admin, > capability sys_module, > capability sys_ptrace, > capability sys_pacct, > capability sys_nice, > capability sys_chroot, > capability setuid, > capability dac_override, > capability dac_read_search, > capability fowner, > capability chown, > capability setpcap, > capability mknod, > capability fsetid, > capability audit_write, > capability ipc_lock, > # Needed for vfio > capability sys_resource, > network inet stream, > network inet dgram, > network inet6 stream, > network inet6 dgram, > network packet dgram, > network packet raw, > network netlink raw, > # Very lenient profile for libvirtd since we want to first focus on > confining > # the guests. Guests will have a very restricted profile. > / r, > /** rwmkl, > /bin/* PUx, > /sbin/* PUx, > /usr/bin/* PUx, > /usr/sbin/virtlogd pix, > /usr/sbin/* PUx, > /{usr/,}lib/udev/scsi_id PUx, > /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx, > /usr/{lib,lib64}/xen/bin/* Ux, > # force the use of virt-aa-helper > audit deny /{usr/,}sbin/apparmor_parser rwxl, > audit deny /etc/apparmor.d/libvirt/** wxl, > audit deny /sys/kernel/security/apparmor/features rwxl, > audit deny /sys/kernel/security/apparmor/matching rwxl, > audit deny /sys/kernel/security/apparmor/.* rwxl, > /sys/kernel/security/apparmor/profiles r, > /usr/{lib,lib64}/libvirt/* PUxr, > /usr/{lib,lib64}/libvirt/libvirt_parthelper ix, > /usr/{lib,lib64}/libvirt/libvirt_iohelper ix, > /etc/libvirt/hooks/** rmix, > /etc/xen/scripts/** rmix, > # allow changing to our UUID-based named profiles > change_profile -> > @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, > /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper Cx -> > qemu_bridge_helper, > # child profile for bridge helper process > profile qemu_bridge_helper { > #include <abstractions/base> > capability setuid, > capability setgid, > capability setpcap, > capability net_admin, > network inet stream, > /dev/net/tun rw, > /etc/qemu/** r, > owner @{PROC}/*/status r, > /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix, > } > > # Site-specific additions and overrides. See local/README for details. > #include <local/usr.sbin.libvirtd> > } > > /etc/libvirt/nwfilter/allow-arp.xml [Errno 13] Отказано в доступе: > '/etc/libvirt/nwfilter/allow-arp.xml' > /etc/libvirt/nwfilter/allow-dhcp-server.xml [Errno 13] Отказано в доступе: > '/etc/libvirt/nwfilter/allow-dhcp-server.xml' > /etc/libvirt/nwfilter/allow-dhcp.xml [Errno 13] Отказано в доступе: > '/etc/libvirt/nwfilter/allow-dhcp.xml' > /etc/libvirt/nwfilter/allow-incoming-ipv4.xml [Errno 13] Отказано в доступе: > '/etc/libvirt/nwfilter/allow-incoming-ipv4.xml' > /etc/libvirt/nwfilter/allow-ipv4.xml [Errno 13] Отказано в доступе: > '/etc/libvirt/nwfilter/allow-ipv4.xml' > /etc/libvirt/nwfilter/clean-traffic.xml [Errno 13] Отказано в доступе: > '/etc/libvirt/nwfilter/clean-traffic.xml' > /etc/libvirt/nwfilter/no-arp-ip-spoofing.xml [Errno 13] Отказано в доступе: > '/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml' > /etc/libvirt/nwfilter/no-arp-mac-spoofing.xml [Errno 13] Отказано в доступе: > '/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml' > /etc/libvirt/nwfilter/no-arp-spoofing.xml [Errno 13] Отказано в доступе: > '/etc/libvirt/nwfilter/no-arp-spoofing.xml' > /etc/libvirt/nwfilter/no-ip-multicast.xml [Errno 13] Отказано в доступе: > '/etc/libvirt/nwfilter/no-ip-multicast.xml' > /etc/libvirt/nwfilter/no-ip-spoofing.xml [Errno 13] Отказано в доступе: > '/etc/libvirt/nwfilter/no-ip-spoofing.xml' > /etc/libvirt/nwfilter/no-mac-broadcast.xml [Errno 13] Отказано в доступе: > '/etc/libvirt/nwfilter/no-mac-broadcast.xml' > /etc/libvirt/nwfilter/no-mac-spoofing.xml [Errno 13] Отказано в доступе: > '/etc/libvirt/nwfilter/no-mac-spoofing.xml' > /etc/libvirt/nwfilter/no-other-l2-traffic.xml [Errno 13] Отказано в доступе: > '/etc/libvirt/nwfilter/no-other-l2-traffic.xml' > /etc/libvirt/nwfilter/no-other-rarp-traffic.xml [Errno 13] Отказано в > доступе: '/etc/libvirt/nwfilter/no-other-rarp-traffic.xml' > /etc/libvirt/nwfilter/qemu-announce-self-rarp.xml [Errno 13] Отказано в > доступе: '/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml' > /etc/libvirt/nwfilter/qemu-announce-self.xml [Errno 13] Отказано в доступе: > '/etc/libvirt/nwfilter/qemu-announce-self.xml' > /etc/libvirt/qemu.conf [Errno 13] Отказано в доступе: '/etc/libvirt/qemu.conf' > /etc/libvirt/qemu/networks/default.xml [Errno 13] Отказано в доступе: > '/etc/libvirt/qemu/networks/default.xml' > > -- debconf information: > libvirt-daemon-system/id_warning: true > _______________________________________________ > Pkg-libvirt-maintainers mailing list > pkg-libvirt-maintain...@alioth-lists.debian.net > https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/pkg-libvirt-maintainers