[Bug 1786181] [NEW] libvirt 4.6 triggers apparmor issues when starting a guest - unable to change the profile

Thu, 09 Aug 2018 00:41:23 -0700 

Public bug reported:

Starting a guest e.g. via uvtool now fails.

$ uvt-kvm create --password=ubuntu b release=bionic arch=ppc64el label=daily
Warning: using --password from the command line is not secure and should be 
used for debugging only.
uvt-kvm: error: libvirt: internal error: Process exited prior to exec: 
ostnet0,vhost=on,vhostfd=28 -device 
virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:2b:22:f2,bus=pci.0,addr=0x1 
-chardev pty,id=charserial0 -device 
spapr-vty,chardev=charserial0,id=serial0,reg=0x30000000 -device 
usb-kbd,id=input0,bus=usb.0,port=1 -device usb-mouse,id=input1,bus=usb.0,port=2 
-vnc 127.0.0.1:0 -device VGA,id=video0,vgamem_mb=16,bus=pci.0,addr=0x6 -device 
virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5 -sandbox 
on,obsolete=deny,elevateprivileges=deny,spawn=deny,resourcecontrol=deny -msg 
timestamp=on
libvirt:  error : unable to set AppArmor profile 
'libvirt-90110376-bc54-4bd5-806b-c4e68f30f461' for '/usr/bin/kvm': No such file 
or directory


The related Deny is:
[71225.866420] audit: type=1400 audit(1533799502.774:2669): apparmor="DENIED" 
operation="change_profile" info="label not found" error=-2 
profile="/usr/sbin/libvirtd" 
name="libvirt-90110376-bc54-4bd5-806b-c4e68f30f461" pid=134355 comm="libvirtd"


So it is libvirtd who wants to do things but gets denied - per 
profile="/usr/sbin/libvirtd"


The generated profiles exist:
/etc/apparmor.d/libvirt/libvirt-90110376-bc54-4bd5-806b-c4e68f30f461
/etc/apparmor.d/libvirt/libvirt-90110376-bc54-4bd5-806b-c4e68f30f461.files

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: Invalid

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1786181

Title:
  libvirt 4.6 triggers apparmor issues when starting a guest - unable to
  change the profile

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1786181/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to