on #1 profile for /usr/sbin/libvirtd [ 2652.571679] audit: type=1400 audit(1491303691.531:23): apparmor="DENIED" operation="setrlimit" profile="/usr/sbin/libvirtd" pid=7587 comm="libvirtd" rlimit=memlock value=1610612736
It isn't really clear to me why/where Apparmor is blocking that access. After a decent debugging session with the security Team it turned out that even if it would work it would not help. When allowed it changes global limits but not those of the qemu process - and thereby the failure of vfio allocation issues stays. The setrlimit will change the global limit and not the one of the qemu. It actually is a bug that it is blocked, but even when allowed it does not increase the limit of the target qemu. And by that fixing to allow that does not get us any further. Never the less I created a spin-off bug 1679704 for that. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1678322 Title: Ubuntu 17.04 KVM: Can not do hotplug attach To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1678322/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
