[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory
I also fixed a similar issue that complained about AppArmor and qemu-system-x86_64 by deleting the /etc/apparmor.d/libvirt/libvirt* files. The files were owned by root and the first file was zero bytes long. I did not need to restart and was able to start the VM immediately. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1384532 Title: Unable to set AppArmor profile [...] no such file or directory To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
Re: [Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory
> 1. sudo rm /etc/apparmor.d/libvirt/libvirt- > 2. sudo rm /etc/apparmor.d/libvirt/libvirt-.files > 3. Restart machine #1 and #2 are regenerated new on every VM start. So could it be that it was just 3 for you? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1384532 Title: Unable to set AppArmor profile [...] no such file or directory To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory
I had this issue and what I did to solve it was: Deleted relevant files in /etc/apparmor.d/libvirt, e.g.: 1. sudo rm /etc/apparmor.d/libvirt/libvirt- 2. sudo rm /etc/apparmor.d/libvirt/libvirt-.files 3. Restart machine And then it worked -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1384532 Title: Unable to set AppArmor profile [...] no such file or directory To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory
Yeah it is always good to have such insights here to be found by search engines for the next who hits it. Glad that my recommendations helped. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1384532 Title: Unable to set AppArmor profile [...] no such file or directory To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory
Hi Christian, This is a false-positive reopening of this issue indeed. Still, it may contain useful bits. The error occurrence I forwarded is now solved, thanks to what you advised on a side-subject at https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1786677/comments/6 . When producing stacktrace in here ( https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/comments/28 ), the root cause was that I appended this snippet at the end of '/etc/apparmor.d/abstractions/libvirt-qemu': -- {dev,run}/shm/ rw, {dev,run}/shm/* rw, -- This was a mistake to add those rules, since I should have edited the existing ones (that you stated at https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1786677/comments/6 ). In the end, I kinda duplicated the '{dev,run}/shm' rules when producing the error. With the following diff + a reload of the AppArmor profile, the error vanished: -- $ sudo diff /etc/apparmor.d/abstractions/libvirt-qemu ~/.sys/bak-custom/etc/apparmor.d/abstractions/libvirt-qemu 56c56,57 < /{dev,run}/shm r, --- > /{dev,run}/shm rw, > /{dev,run}/shm/* rw, -- What I did was just moving the 2 lines initially appended to the files, in order to overwrite the existing rules. A few asserts when the error was produced: - None of 'sudo systemctl reload apparmor', 'sudo systemctl restart apparmor' or 'sudo systemctl status apparmor' (in sequence) returned or shew an error -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1384532 Title: Unable to set AppArmor profile [...] no such file or directory To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory
Hi, the "file not found" is a red herring - in 99% of the cases it is something in the actual generated profile that is broken. Maybe newer libvirt generates a rule now for you (which it didn't before) and the config for that element contains something (e.g. a bad name) that makes it break. To debug we'd need the /etc/apparmor.d/libvirt/libvirt-* files after they got generated and failed loading. I think with [1] you can even modify the profile (mostly in the one with .files) and reload until you found which rule is breaking it. I'd assume something like: $ sudo apparmor_parser -r /etc/apparmor.d/libvirt/libvirt-5fb5b85a-b3ec-4e21-ad70-d663689b9fb5 AppArmor parser error for /etc/apparmor.d/libvirt/libvirt-5fb5b85a-b3ec-4e21-ad70-d663689b9fb5 in /etc/apparmor.d/libvirt/libvirt-5fb5b85a-b3ec-4e21-ad70-d663689b9fb5 at line 11: syntax error, unexpected TOK_CLOSE, expecting TOK_END_OF_RULE Iterate: vim /etc/apparmor.d/libvirt/libvirt-.files # adapt rules sudo apparmor_parser -r /etc/apparmor.d/libvirt/libvirt- # until this works [1]: https://help.ubuntu.com/community/AppArmor#Reload_one_profile -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1384532 Title: Unable to set AppArmor profile [...] no such file or directory To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory
(sorry for spamming multiple-posts) When the error occurs, 'dmesg' outputs: -- [ 1835.178954] audit: type=1400 audit(1534455163.959:121): apparmor="DENIED" operation="change_profile" info="label not found" error=-2 profile="/usr/sbin/libvirtd" name="libvirt-a1937a46-2b13-41bd-998b-27ee9a8209a8" pid=4930 comm="libvirtd" -- -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1384532 Title: Unable to set AppArmor profile [...] no such file or directory To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory
I reproduce the same on 18.04 LTS: Log when starting a KVM VM with 'virt-manager': -- Error starting domain: internal error: Process exited prior to exec: libvirt: error : unable to set AppArmor profile 'libvirt-a1937a46-2b13-41bd-998b-27ee9a8209a8' for '/usr/bin/kvm-spice': No such file or directory Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/asyncjob.py", line 89, in cb_wrapper callback(asyncjob, *args, **kwargs) File "/usr/share/virt-manager/virtManager/asyncjob.py", line 125, in tmpcb callback(*args, **kwargs) File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 82, in newfn ret = fn(self, *args, **kwargs) File "/usr/share/virt-manager/virtManager/domain.py", line 1508, in startup self._backend.create() File "/usr/lib/python2.7/dist-packages/libvirt.py", line 1062, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirtError: internal error: Process exited prior to exec: libvirt: error : unable to set AppArmor profile 'libvirt-a1937a46-2b13-41bd-998b-27ee9a8209a8' for '/usr/bin/kvm-spice': No such file or directory -- But the AppArmor profiles exist: -- $ sudo ls -lah /etc/apparmor.d/libvirt/libvirt-* -rw-r--r-- 1 root root 293 août 16 23:04 /etc/apparmor.d/libvirt/libvirt-a1937a46-2b13-41bd-998b-27ee9a8209a8 -rw-r--r-- 1 root root 1,8K août 16 23:05 /etc/apparmor.d/libvirt/libvirt-a1937a46-2b13-41bd-998b-27ee9a8209a8.files $ -- I checked paths the VM relies on (CD-ROM ISOs absolute paths) and they contain no whitespaces. Tell me if the virt-manager VM XML file is needed for troubleshooting. A troubleshooting sequence I tried, with no positive result: 1/ Deeply-deleting '*ibvir*' in '/etc/apparmor.d' 2/ Reinstalling the 'libvirt-bin' and its dependencies (incl. 'libvirt-daemon-system'), by providing the 'confmiss' DPKG flag: it restored anything libvirt-related in '/etc/apparmor.d' 2.b/ Did 1/ and 2/ for the 'qemu-kvm' and 'virt-manager' packages also 3/ Reloaded the 'apparmor' systemd daemon 4/ Rebooted machine 5/ Reloaded daemons ('daemon-reload'), the 'libvirtd' and 'qemu-kvm' systemd daemons 6/ Retried to start the VM Could a dependency package be the cause of it? -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1384532 Title: Unable to set AppArmor profile [...] no such file or directory To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory
I forgot to mention the VM never triggered AppArmor errors with 16.04.x LTS. I never checked if AppArmor was really running by the way (this is not a production host, only a developer machine). -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1384532 Title: Unable to set AppArmor profile [...] no such file or directory To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory
Hi, sorry for chiming in so late, but I haven't seen this issue before - the last update changed that. Special chars as reported in comment #26 and comment #15 are an issue, but most of them are fixed or at a better error message now. First of all since Ubuntu 17.10 (~=UCA-Pike) all files in generated rules are in quotes which formerly they were not - that allows for some chars like spaces. Further some other chars are just plain forbidden and would break the rule - these are mostly apparmor wilcards so these are now rejected since v3.10.0 by a150b86c instead of later failing when loading the profile. That said it is hard for me to track details of the old issue, but with a recent Ubuntu this should be all fixed. With space a rule will now look as: "/var/lib/uvtool/libvirt/images/a space does not hurt.qcow" rwk, and work just fine. But the actual issue - at least with tolerable special chars is fixed in the latter releases. And the apparmor wildcards do not randomly fail, or work or be a security issue - instead they always fail now. I have to admit the message is still the old misleading one in the remaining failing cases. I spawned bug 1767934 for this - but at low prio. Per above I'd set the bug fix releases at least for the latter releases. Given the long time this bug slumbers before a person is hit by it again and the fact that a simple file rename gets you around makes me not think of SRUs for this atm. So I'll set won't fix for pre-Artful, but hey - discussions welcome. ** Changed in: libvirt (Ubuntu) Status: Confirmed => Fix Released ** Also affects: libvirt (Ubuntu Artful) Importance: Undecided Status: New ** Also affects: libvirt (Ubuntu Bionic) Importance: High Status: Fix Released ** Also affects: libvirt (Ubuntu Xenial) Importance: Undecided Status: New ** Changed in: libvirt (Ubuntu Artful) Status: New => Fix Released ** Changed in: libvirt (Ubuntu Xenial) Status: New => Won't Fix ** Changed in: libvirt (Ubuntu Bionic) Importance: High => Medium ** Changed in: libvirt (Ubuntu Artful) Importance: Undecided => Medium ** Changed in: libvirt (Ubuntu Xenial) Importance: Undecided => Medium -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1384532 Title: Unable to set AppArmor profile [...] no such file or directory To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory
this issue still persists. As suggested giving a simple name to the .iso path worked around it. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1384532 Title: Unable to set AppArmor profile [...] no such file or directory To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory
I'm running libvirt-bin 1.3.1-1ubuntu10.6 and still getting this error. And it is not related to a space with the directory of a .iso file or something. This is really bizarre. Like other's, those files do exist have other (world) read access set, so no clue what code is asserting that don't exist (when they do). From virt-manager's perspective, the error in the libvirtd daemon process is not visible... I found reverting changes in `/etc/apparmor/libvirt/TEMPLATE.qemu` seemed to fix my error. As per a prior comment above, a related bug is how cumbersome apparmor error handling is. For example, nothing in libvirt nor apparmor had any indicator that something `TEMPLATE.qemu` was putting it off. It even actually generated the per domain apparmor files (as other have observed) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1384532 Title: Unable to set AppArmor profile [...] no such file or directory To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory
Just to add I think I know a solution to this problem:- 1. The libvirt files created under /etc/apparmor.d/libvirt/ has a .files 2. If the directory of the ISO specified has spaces it will fail. Workaround- 1. Change the name of the file to a very simple one( windows.iso, ubuntu.iso) 2. Make sure the path of the iso contains no directory name with spaces. 3. It works :) -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1384532 Title: Unable to set AppArmor profile [...] no such file or directory To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 1384532] Re: Unable to set AppArmor profile [...] no such file or directory
** Description changed: = Bugs are not infrequently reported along the lines of Unable to set Apparmor Profile for [emulator]: No such file or directory - It is frequently (always?) the result of some value - a cdrom or disk - file, smbios, or something - which has spaces of odd characters which - mess up virt-aa-helper or libvirt itself. + It is frequently (always?) the result of some value (a cdrom or disk + file) which has spaces of odd characters which mess up virt-aa-helper or + libvirt itself. We should attempt to detect this early on. Perhaps we can use a qemu hook, or add a check in virt-aa-helper. = /usr/bin/kvm-spice is a soft-link to /usr/bin/kvm in /etc/apparmor.d/abstractions/libvirt-qemu there is no line for kvm- spice. This leads rise to the error: libvirt: error : unable to set AppArmor profile 'libvirt-224075ba-a31a-48e9-98fe-337146e9f4f1' for '/usr/bin/kvm-spice': No such file or directory when using e.g. OpenStack $ lsb_release -rd Description:Ubuntu 14.10 Release:14.10 $ dpkg -l|grep libvirt-bin ii libvirt-bin 1.2.8-0ubuntu11 amd64programs for the libvirt library -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1384532 Title: Unable to set AppArmor profile [...] no such file or directory To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1384532/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs