[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory

2020-12-11 Thread Jason Fisher
I also fixed a similar issue that complained about AppArmor and 
qemu-system-x86_64 by deleting the /etc/apparmor.d/libvirt/libvirt* files.  The 
files were owned by root and the first file was zero bytes long. 
 I did not need to restart and was able to start the VM immediately.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1384532

Title:
  Unable to set AppArmor profile [...] no such file or directory

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Re: [Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory

2019-05-08 Thread Christian Ehrhardt 
> 1. sudo rm /etc/apparmor.d/libvirt/libvirt-
> 2. sudo rm /etc/apparmor.d/libvirt/libvirt-.files
> 3. Restart machine

#1 and #2 are regenerated new on every VM start.
So could it be that it was just 3 for you?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1384532

Title:
  Unable to set AppArmor profile [...] no such file or directory

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory

2019-05-07 Thread James Gibson
I had this issue and what I did to solve it was:

Deleted relevant files in /etc/apparmor.d/libvirt, e.g.:

1. sudo rm /etc/apparmor.d/libvirt/libvirt-
2. sudo rm /etc/apparmor.d/libvirt/libvirt-.files
3. Restart machine

And then it worked

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1384532

Title:
  Unable to set AppArmor profile [...] no such file or directory

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory

2018-08-17 Thread  Christian Ehrhardt 
Yeah it is always good to have such insights here to be found by search
engines for the next who hits it.

Glad that my recommendations helped.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1384532

Title:
  Unable to set AppArmor profile [...] no such file or directory

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory

2018-08-17 Thread Pascal A.
Hi Christian,

This is a false-positive reopening of this issue indeed. Still, it may
contain useful bits.

The error occurrence I forwarded is now solved, thanks to what you
advised on a side-subject at
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1786677/comments/6
.

When producing stacktrace in here ( 
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/comments/28 ), 
the root cause was that I appended this snippet at the end of 
'/etc/apparmor.d/abstractions/libvirt-qemu':
--
{dev,run}/shm/ rw,
{dev,run}/shm/* rw,
--

This was a mistake to add those rules, since I should have edited the
existing ones (that you stated at
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1786677/comments/6
).

In the end, I kinda duplicated the '{dev,run}/shm' rules when producing the 
error. With the following diff + a reload of the AppArmor profile, the error 
vanished:
--
$ sudo diff /etc/apparmor.d/abstractions/libvirt-qemu 
~/.sys/bak-custom/etc/apparmor.d/abstractions/libvirt-qemu 
56c56,57
<   /{dev,run}/shm r,
---
>   /{dev,run}/shm rw,
>   /{dev,run}/shm/* rw,
--

What I did was just moving the 2 lines initially appended to the files,
in order to overwrite the existing rules.

A few asserts when the error was produced:
  - None of 'sudo systemctl reload apparmor', 'sudo systemctl restart apparmor' 
or 'sudo systemctl status apparmor' (in sequence) returned or shew an error

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1384532

Title:
  Unable to set AppArmor profile [...] no such file or directory

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory

2018-08-16 Thread  Christian Ehrhardt 
Hi,
the "file not found" is a red herring - in 99% of the cases it is something in 
the actual generated profile that is broken.
Maybe newer libvirt generates a rule now for you (which it didn't before) and 
the config for that element contains something (e.g. a bad name) that makes it 
break.

To debug we'd need the /etc/apparmor.d/libvirt/libvirt-* files after
they got generated and failed loading.

I think with [1] you can even modify the profile (mostly in the one with
.files) and reload until you found which rule is breaking it.

I'd assume something like:
$ sudo apparmor_parser -r 
/etc/apparmor.d/libvirt/libvirt-5fb5b85a-b3ec-4e21-ad70-d663689b9fb5
AppArmor parser error for 
/etc/apparmor.d/libvirt/libvirt-5fb5b85a-b3ec-4e21-ad70-d663689b9fb5 in 
/etc/apparmor.d/libvirt/libvirt-5fb5b85a-b3ec-4e21-ad70-d663689b9fb5 at line 
11: syntax error, unexpected TOK_CLOSE, expecting TOK_END_OF_RULE


Iterate:
vim /etc/apparmor.d/libvirt/libvirt-.files
# adapt rules
sudo apparmor_parser -r /etc/apparmor.d/libvirt/libvirt-
# until this works

[1]: https://help.ubuntu.com/community/AppArmor#Reload_one_profile

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1384532

Title:
  Unable to set AppArmor profile [...] no such file or directory

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory

2018-08-16 Thread Pascal A.
(sorry for spamming multiple-posts)

When the error occurs, 'dmesg' outputs:
--
[ 1835.178954] audit: type=1400 audit(1534455163.959:121): apparmor="DENIED" 
operation="change_profile" info="label not found" error=-2 
profile="/usr/sbin/libvirtd" 
name="libvirt-a1937a46-2b13-41bd-998b-27ee9a8209a8" pid=4930 comm="libvirtd"
--

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1384532

Title:
  Unable to set AppArmor profile [...] no such file or directory

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory

2018-08-16 Thread Pascal A.
I reproduce the same on 18.04 LTS:

Log when starting a KVM VM with 'virt-manager':
--
Error starting domain: internal error: Process exited prior to exec: libvirt:  
error : unable to set AppArmor profile 
'libvirt-a1937a46-2b13-41bd-998b-27ee9a8209a8' for '/usr/bin/kvm-spice': No 
such file or directory

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 89, in cb_wrapper
callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 125, in tmpcb
callback(*args, **kwargs)
  File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 82, in newfn
ret = fn(self, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/domain.py", line 1508, in startup
self._backend.create()
  File "/usr/lib/python2.7/dist-packages/libvirt.py", line 1062, in create
if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: internal error: Process exited prior to exec: libvirt:  error : 
unable to set AppArmor profile 'libvirt-a1937a46-2b13-41bd-998b-27ee9a8209a8' 
for '/usr/bin/kvm-spice': No such file or directory
--

But the AppArmor profiles exist:
--
$ sudo ls -lah /etc/apparmor.d/libvirt/libvirt-*
-rw-r--r-- 1 root root  293 août  16 23:04 
/etc/apparmor.d/libvirt/libvirt-a1937a46-2b13-41bd-998b-27ee9a8209a8
-rw-r--r-- 1 root root 1,8K août  16 23:05 
/etc/apparmor.d/libvirt/libvirt-a1937a46-2b13-41bd-998b-27ee9a8209a8.files

$
--

I checked paths the VM relies on (CD-ROM ISOs absolute paths) and they
contain no whitespaces.

Tell me if the virt-manager VM XML file is needed for troubleshooting.

A troubleshooting sequence I tried, with no positive result:
  1/ Deeply-deleting '*ibvir*' in '/etc/apparmor.d'
  2/ Reinstalling the 'libvirt-bin' and its dependencies (incl. 
'libvirt-daemon-system'), by providing the 'confmiss' DPKG flag: it restored 
anything libvirt-related in '/etc/apparmor.d'
  2.b/ Did 1/ and 2/ for the 'qemu-kvm' and 'virt-manager' packages also
  3/ Reloaded the 'apparmor' systemd daemon
  4/ Rebooted machine
  5/ Reloaded daemons ('daemon-reload'), the 'libvirtd' and 'qemu-kvm' systemd 
daemons
  6/ Retried to start the VM

Could a dependency package be the cause of it?

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1384532

Title:
  Unable to set AppArmor profile [...] no such file or directory

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory

2018-08-16 Thread Pascal A.
I forgot to mention the VM never triggered AppArmor errors with 16.04.x
LTS. I never checked if AppArmor was really running by the way (this is
not a production host, only a developer machine).

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1384532

Title:
  Unable to set AppArmor profile [...] no such file or directory

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory

2018-04-29 Thread ChristianEhrhardt
Hi,
sorry for chiming in so late, but I haven't seen this issue before - the last 
update changed that.
Special chars as reported in comment #26 and comment #15 are an issue, but most 
of them are fixed or at a better error message now.

First of all since Ubuntu 17.10 (~=UCA-Pike) all files in generated
rules are in quotes which formerly they were not - that allows for some
chars like spaces.

Further some other chars are just plain forbidden and would break the
rule - these are mostly apparmor wilcards so these are now rejected
since v3.10.0 by a150b86c instead of later failing when loading the
profile.

That said it is hard for me to track details of the old issue, but with
a recent Ubuntu this should be all fixed.

With space a rule will now look as:
  "/var/lib/uvtool/libvirt/images/a space does not hurt.qcow" rwk,
and work just fine.

But the actual issue - at least with tolerable special chars is fixed in
the latter releases. And the apparmor wildcards do not randomly fail, or
work or be a security issue - instead they always fail now.

I have to admit the message is still the old misleading one in the remaining 
failing cases.
I spawned bug 1767934 for this - but at low prio.

Per above I'd set the bug fix releases at least for the latter releases.
Given the long time this bug slumbers before a person is hit by it again and 
the fact that a simple file rename gets you around makes me not think of SRUs 
for this atm.
So I'll set won't fix for pre-Artful, but hey - discussions welcome.

** Changed in: libvirt (Ubuntu)
   Status: Confirmed => Fix Released

** Also affects: libvirt (Ubuntu Artful)
   Importance: Undecided
   Status: New

** Also affects: libvirt (Ubuntu Bionic)
   Importance: High
   Status: Fix Released

** Also affects: libvirt (Ubuntu Xenial)
   Importance: Undecided
   Status: New

** Changed in: libvirt (Ubuntu Artful)
   Status: New => Fix Released

** Changed in: libvirt (Ubuntu Xenial)
   Status: New => Won't Fix

** Changed in: libvirt (Ubuntu Bionic)
   Importance: High => Medium

** Changed in: libvirt (Ubuntu Artful)
   Importance: Undecided => Medium

** Changed in: libvirt (Ubuntu Xenial)
   Importance: Undecided => Medium

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1384532

Title:
  Unable to set AppArmor profile [...] no such file or directory

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory

2018-04-27 Thread untoreh
this issue still persists. As suggested giving a simple name to the .iso
path worked around it.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1384532

Title:
  Unable to set AppArmor profile [...] no such file or directory

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory

2017-01-10 Thread Jean-Pierre van Riel
I'm running libvirt-bin 1.3.1-1ubuntu10.6 and still getting this error.
And it is not related to a space with the directory of a .iso file or
something.

This is really bizarre. Like other's, those files do exist have other
(world) read access set, so no clue what code is asserting that don't
exist (when they do). From virt-manager's perspective, the error in the
libvirtd daemon process is not visible...

I found reverting changes in `/etc/apparmor/libvirt/TEMPLATE.qemu`
seemed to fix my error.

As per a prior comment above, a related bug is how cumbersome apparmor
error handling is. For example, nothing in libvirt nor apparmor had any
indicator that something `TEMPLATE.qemu` was putting it off. It even
actually generated the per domain apparmor files (as other have
observed)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1384532

Title:
  Unable to set AppArmor profile [...] no such file or directory

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory

2016-09-14 Thread Prateek khushalani
Just to add I think I know a solution to this problem:-

1. The libvirt files created under  /etc/apparmor.d/libvirt/ has a 
.files
2. If the directory of the ISO specified has spaces it will fail.


Workaround-

1. Change the name of the file to a very simple one( windows.iso, ubuntu.iso)
2. Make sure the path of the iso contains no directory name with spaces.
3. It works :)

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1384532

Title:
  Unable to set AppArmor profile [...] no such file or directory

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs


[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory

2015-11-05 Thread Serge Hallyn
** Description changed:

  =
  Bugs are not infrequently reported along the lines of
  Unable to set Apparmor Profile for [emulator]: No such file or directory
  
- It is frequently (always?) the result of some value - a cdrom or disk
- file, smbios, or something - which has spaces of odd characters which
- mess up virt-aa-helper or libvirt itself.
+ It is frequently (always?) the result of some value (a cdrom or disk
+ file) which has spaces of odd characters which mess up virt-aa-helper or
+ libvirt itself.
  
  We should attempt to detect this early on.  Perhaps we can use a qemu hook, 
or add a check in virt-aa-helper.
  =
  
  /usr/bin/kvm-spice is a soft-link to /usr/bin/kvm
  
  in /etc/apparmor.d/abstractions/libvirt-qemu there is no line for kvm-
  spice.
  
  This leads rise to the error:
  libvirt:  error : unable to set AppArmor profile 
'libvirt-224075ba-a31a-48e9-98fe-337146e9f4f1' for '/usr/bin/kvm-spice': No 
such file or directory
  
  when using e.g. OpenStack
  
  $ lsb_release -rd
  Description:Ubuntu 14.10
  Release:14.10
  
  $ dpkg -l|grep libvirt-bin
  ii  libvirt-bin 1.2.8-0ubuntu11 
amd64programs for the libvirt library

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1384532

Title:
  Unable to set AppArmor profile [...] no such file or directory

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs