[Bug 1636216] [NEW] apparmor denied libvirt with TPM

Mon, 24 Oct 2016 07:17:15 -0700 

Public bug reported:

I use libvirt 2.1.0 from ubuntu 16.10 x64 to run a Windows 10 VM. The VM
runs fine if I do not add a TPM device. If I add a TPM device to the VM,
I get the following errors when I try to start the VM:

Connecting to monitor: 2016-10-24T14:03:37.178943Z qemu-system-x86_64:
-tpmdev passthrough,id=tpm-tpm0,path=/dev/fdset/2,cancel-
path=/dev/fdset/3: '/dev/fdset/2' is not a TPM device.

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 90, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 126, in tmpcb
    callback(*args, **kwargs)
  File "/usr/share/virt-manager/virtManager/libvirtobject.py", line 83, in newfn
    ret = fn(self, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/domain.py", line 1402, in startup
    self._backend.create()
  File "/usr/lib/python2.7/dist-packages/libvirt.py", line 1035, in create
    if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: internal error: process exited while connecting to monitor: 
2016-10-24T14:03:37.178943Z qemu-system-x86_64: -tpmdev 
passthrough,id=tpm-tpm0,path=/dev/fdset/2,cancel-path=/dev/fdset/3: 
'/dev/fdset/2' is not a TPM device.

And in dmesg, it has some apparmor denied messages:

[ 2187.750789] audit: type=1400 audit(1477317876.064:97): apparmor="DENIED" 
operation="file_perm" profile="libvirt-c908a520-d74c-4557-a92e-da114eb49d65" 
name="/dev/tpm0" pid=8884 comm="qemu-system-x86" requested_mask="w" 
denied_mask="w" fsuid=122 ouid=122
[ 2187.750803] audit: type=1400 audit(1477317876.064:98): apparmor="DENIED" 
operation="file_perm" profile="libvirt-c908a520-d74c-4557-a92e-da114eb49d65" 
name="/dev/tpm0" pid=8884 comm="qemu-system-x86" requested_mask="w" 
denied_mask="w" fsuid=122 ouid=122

** Affects: apparmor (Ubuntu)
     Importance: Undecided
         Status: New

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1636216

Title:
  apparmor denied libvirt with TPM

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1636216/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to