[Bug 1386465] Re: apparmor profile prevents libvirtd from creating a socket
The bug is STILL present and breaks libvirt-bin upon upgrade from 14.04 to 16.04 Performing the steps from comment 34 worked around the breakage. https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1386465/comments/34 ** Changed in: libvirt (Ubuntu) Status: Expired => Confirmed ** Tags added: xenial -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1386465 Title: apparmor profile prevents libvirtd from creating a socket To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1386465/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1386465] Re: apparmor profile prevents libvirtd from creating a socket
[Expired for libvirt (Ubuntu) because there has been no activity for 60 days.] ** Changed in: libvirt (Ubuntu) Status: Incomplete => Expired -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1386465 Title: apparmor profile prevents libvirtd from creating a socket To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1386465/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1386465] Re: apparmor profile prevents libvirtd from creating a socket
Thanks @mahmoh, that's interesting. Perhaps we should add a comment in the shipped /etc/default/libvirt-bin? Why had you added the -l? Is there a published recipe you were following, and should that be updated? ** Changed in: libvirt (Ubuntu) Status: Expired => Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1386465 Title: apparmor profile prevents libvirtd from creating a socket To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1386465/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1386465] Re: apparmor profile prevents libvirtd from creating a socket
[Expired for libvirt (Ubuntu) because there has been no activity for 60 days.] ** Changed in: libvirt (Ubuntu) Status: Incomplete = Expired -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1386465 Title: apparmor profile prevents libvirtd from creating a socket To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1386465/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1386465] Re: apparmor profile prevents libvirtd from creating a socket
I upgraded from 14.04 to 14.10 installed libvirt and got the same error: From syslog I have pre aa-audit and then with aa-audit it seems to aa- audit clears the bug with audit removed it continues to work. Post audit log: Apr 14 20:19:50 dnshost11 kernel: [ 1284.666816] audit_printk_skb: 36 callbacks suppressed Apr 14 20:19:50 dnshost11 kernel: [ 1284.666820] audit: type=1400 audit(1429035590.212:108): apparmor=STATUS operation=profile_replace profile=unconfined name=/usr/sbin/libvirtd pid=11745 comm=apparmor_parser Apr 14 20:19:55 dnshost11 kernel: [ 1289.734099] audit: type=1400 audit(1429035595.284:109): apparmor=AUDIT operation=open profile=/usr/sbin/libvirtd name=/etc/ld.so.cache pid=11755 comm=libvirtd requested_mask=r fsuid=0 ouid=0 Apr 14 20:19:55 dnshost11 kernel: [ 1289.734119] audit: type=1400 audit(1429035595.284:110): apparmor=AUDIT operation=getattr profile=/usr/sbin/libvirtd name=/etc/ld.so.cache pid=11755 comm=libvirtd requested_mask=r fsuid=0 ouid=0 Apr 14 20:19:55 dnshost11 kernel: [ 1289.734156] audit: type=1400 audit(1429035595.284:111): apparmor=AUDIT operation=open profile=/usr/sbin/libvirtd name=/usr/lib/libvirt-lxc.so.0.1002.8 pid=11755 comm=libvirtd requested_mask=r fsuid=0 ouid=0 Apr 14 20:19:55 dnshost11 kernel: [ 1289.734177] audit: type=1400 audit(1429035595.284:112): apparmor=AUDIT operation=getattr profile=/usr/sbin/libvirtd name=/usr/lib/libvirt-lxc.so.0.1002.8 pid=11755 comm=libvirtd requested_mask=r fsuid=0 ouid=0 Apr 14 20:19:55 dnshost11 kernel: [ 1289.734241] audit: type=1400 audit(1429035595.284:113): apparmor=AUDIT operation=open profile=/usr/sbin/libvirtd name=/usr/lib/libvirt-qemu.so.0.1002.8 pid=11755 comm=libvirtd requested_mask=r fsuid=0 ouid=0 Apr 14 20:19:55 dnshost11 kernel: [ 1289.734255] audit: type=1400 audit(1429035595.284:114): apparmor=AUDIT operation=getattr profile=/usr/sbin/libvirtd name=/usr/lib/libvirt-qemu.so.0.1002.8 pid=11755 comm=libvirtd requested_mask=r fsuid=0 ouid=0 Apr 14 20:19:55 dnshost11 kernel: [ 1289.734308] audit: type=1400 audit(1429035595.284:115): apparmor=AUDIT operation=open profile=/usr/sbin/libvirtd name=/usr/lib/x86_64-linux-gnu/libavahi-common.so.3.5.3 pid=11755 comm=libvirtd requested_mask=r fsuid=0 ouid=0 Apr 14 20:19:55 dnshost11 kernel: [ 1289.734322] audit: type=1400 audit(1429035595.284:116): apparmor=AUDIT operation=getattr profile=/usr/sbin/libvirtd name=/usr/lib/x86_64-linux-gnu/libavahi-common.so.3.5.3 pid=11755 comm=libvirtd requested_mask=r fsuid=0 ouid=0 Apr 14 20:19:55 dnshost11 kernel: [ 1289.734380] audit: type=1400 audit(1429035595.284:117): apparmor=AUDIT operation=open profile=/usr/sbin/libvirtd name=/usr/lib/x86_64-linux-gnu/libavahi-client.so.3.2.9 pid=11755 comm=libvirtd requested_mask=r fsuid=0 ouid=0 Apr 14 20:19:56 dnshost11 kernel: [ 1290.908063] Bridge firewalling registered Apr 14 20:19:56 dnshost11 kernel: [ 1290.988004] ip_tables: (C) 2000-2006 Netfilter Core Team Apr 14 20:19:56 dnshost11 kernel: [ 1291.129991] nf_conntrack version 0.5.0 (16384 buckets, 65536 max) Apr 14 20:19:56 dnshost11 kernel: [ 1291.233695] IPv6: ADDRCONF(NETDEV_UP): virbr0: link is not ready Apr 14 20:19:56 dnshost11 dnsmasq[11850]: started, version 2.71 cachesize 150 Apr 14 20:19:56 dnshost11 dnsmasq[11850]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC Apr 14 20:19:56 dnshost11 dnsmasq-dhcp[11850]: DHCP, IP range 192.168.122.2 -- 192.168.122.254, lease time 1h Apr 14 20:19:56 dnshost11 dnsmasq-dhcp[11850]: DHCP, sockets bound exclusively to interface virbr0 Apr 14 20:19:56 dnshost11 dnsmasq[11850]: reading /etc/resolv.conf Apr 14 20:19:56 dnshost11 dnsmasq[11850]: using nameserver 206.223.136.205#53 Apr 14 20:19:56 dnshost11 dnsmasq[11850]: read /etc/hosts - 5 addresses Apr 14 20:19:56 dnshost11 dnsmasq[11850]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses Apr 14 20:19:56 dnshost11 dnsmasq-dhcp[11850]: read /var/lib/libvirt/dnsmasq/default.hostsfile ** Attachment added: Before aa-audit https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1386465/+attachment/4375438/+files/beforeaudit.txt ** Changed in: libvirt (Ubuntu) Status: Invalid = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1386465 Title: apparmor profile prevents libvirtd from creating a socket To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1386465/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1386465] Re: apparmor profile prevents libvirtd from creating a socket
Thanks - as you have no more issues i'll mark the bug 'invalid' meaning cannot currently be reproduced. If it happens again please re-open the bug. ** Changed in: libvirt (Ubuntu) Status: Incomplete = Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1386465 Title: apparmor profile prevents libvirtd from creating a socket To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1386465/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1386465] Re: apparmor profile prevents libvirtd from creating a socket
I can reproduce this bug ** Changed in: libvirt (Ubuntu) Status: Invalid = Confirmed -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1386465 Title: apparmor profile prevents libvirtd from creating a socket To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1386465/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
Re: [Bug 1386465] Re: apparmor profile prevents libvirtd from creating a socket
Thanks you for the information - that's quite frustrating. It seems quite clear (between this bug and some others) that there is a hard-to-trigger bug in the libvirt apparmor policy, but I've not yet spotted any obvious trigger. I'm marking this bug invalid meaning cannot be reproduced, but if anyone sees anything like it again please to mark it confirmed and add what informatino you can. status: invalid ** Changed in: libvirt (Ubuntu) Status: Incomplete = Invalid -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1386465 Title: apparmor profile prevents libvirtd from creating a socket To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1386465/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs