I tried to puzzle together the timeline on this. Thanks rbasask for discussing with me to refocus on this issue.
Timeline: #1 libvirt passed script to qemu, qemu executed 1.3.1 as in Xenial or UCA-Mitaka still do that But Openstack passed script='' and qemu silently ignored it #2 libvirt changed, now libvirt executes http://libvirt.org/git/?p=libvirt.git;a=commit;h=9c17d665fdc5f That is in Yakkety and later. This had an unintentional API change, that empty scripts behave differently. #3 Openstack adapted to that API change https://review.openstack.org/#/c/425637/ Not sure - is that in Ocata only - commit in 2017? Now new Openstack (#3) + New Libvirt (#2) work But if you happen to have an old libvirt like in #1 you now have different behavior. #4 Upstream libvirt realizes the API break and fixes it http://libvirt.org/git/?p=libvirt.git;a=commit;h=1d9ab0f04af310e52f80b4281751655bb3bb7601 But backporting that would not help, this is meant for libvirt later or equal to #2 #5 IMHO openstack should either - detect libvirt version and do differently depending on that (keep script='' for old ones) - or instead of not passing script at all pass /bin/true which will work on libvirt as old as #1 I expect you have an openstack of #4 and a libvirt of #1 which due to that cause this. I still don't see the apparmor issue on my end, but that might be an additional issue. Even in the /bin/true case we might hit an apparmor on /bin/true. Please everybody still try to hep sorting out questions in comment #16. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1665698 Title: /etc/qemu-ifup not allowed by apparmor To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-archive/+bug/1665698/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
