------- Comment From [email protected] 2018-02-19 03:35 EDT-------
> Get me right I use virsh save/restore on a regular base and it works in the
> paths that are open by default, > which are the places the images usually are
> from like /var/lib/libvirt/images/.
> If that does not work that might be a modified apparmor rule, but for that
> I'd need to know way more
> about the case and see if it is actually a bug or really just using an
> uncommon dir.
Even with uncommon dir, the denial should be consistent if the path used
by the user is not permitted then apparmor should block/deny when virsh
save is performed and not during the virsh restore.
Observation in Ubuntu 16.04.3,
# virsh save virt-tests-vm1 /var/tmp/virt-tests-vm1.save
Domain virt-tests-vm1 saved to /var/tmp/virt-tests-vm1.save
By default virsh restore fails with same error,
# virsh restore /var/tmp/virt-tests-vm1.save
error: Failed to restore domain from /var/tmp/virt-tests-vm1.save
error: operation failed: job: unexpectedly failed
But as suggested by paelzer,
> If you want to look into potential config issues, remove the silent denies to
> /var and /var temp
> at the end of "/etc/apparmor.d/abstractions/libvirt-qemu".
> Then run your case again, report back with
commenting denials,
# silence spurious denials (see lp#1403648)
deny /tmp/{,**} r,
# deny /var/tmp/{,**} r,
restart libvirtd
# virsh restore /var/tmp/virt-tests-vm1.save
error: Failed to restore domain from /var/tmp/virt-tests-vm1.save
error: internal error: Process exited prior to exec: libvirt: error : unable
to set AppArmor profile 'libvirt-81b387d9-1dfc-4f55-8b98-0318f1f94442' for
'/usr/bin/kvm': No such file or directory
But file exists,
# file /var/tmp/virt-tests-vm1.save
/var/tmp/virt-tests-vm1.save: Libvirt QEMU Suspend Image, version 2, XML length
1970, running
dmesg:
[Mon Feb 19 03:19:16 2018] virbr0: port 2(vnet0) entered blocking state
[Mon Feb 19 03:19:16 2018] virbr0: port 2(vnet0) entered disabled state
[Mon Feb 19 03:19:16 2018] device vnet0 entered promiscuous mode
[Mon Feb 19 03:19:16 2018] virbr0: port 2(vnet0) entered blocking state
[Mon Feb 19 03:19:16 2018] virbr0: port 2(vnet0) entered listening state
[Mon Feb 19 03:19:16 2018] audit: type=1400 audit(1519028363.683:12417):
apparmor="DENIED" operation="change_profile" info="label not found" error=-2
profile="/usr/sbin/libvirtd"
name="libvirt-81b387d9-1dfc-4f55-8b98-0318f1f94442" pid=12949 comm="libvirtd"
[Mon Feb 19 03:19:16 2018] virbr0: port 2(vnet0) entered disabled state
[Mon Feb 19 03:19:16 2018] device vnet0 left promiscuous mode
[Mon Feb 19 03:19:16 2018] virbr0: port 2(vnet0) entered disabled state
Attaching full dmesg with this bugzilla
Environment:
Kernel
# uname -a
Linux ltc-test-ci1 4.13.0-35-generic #39~16.04.1-Ubuntu SMP Mon Feb 12 15:01:58
UTC 2018 ppc64le ppc64le ppc64le GNU/Linux
Libvirt
# dpkg -l | grep libvirt
ii libvirt-bin 1.3.1-1ubuntu10.18
ppc64el programs for the libvirt library
ii libvirt-dev:ppc64el 1.3.1-1ubuntu10.18
ppc64el development files for the libvirt library
ii libvirt0:ppc64el 1.3.1-1ubuntu10.18
ppc64el library for interfacing with different virtualization systems
ii python-libvirt 1.3.1-1ubuntu1.1
ppc64el libvirt Python bindings
Qemu
# dpkg -l | grep qemu
ii ipxe-qemu 1.0.0+git-20150424.a25a16d-1ubuntu1.2
all PXE boot firmware - ROM images for qemu
ii qemu-block-extra:ppc64el 1:2.5+dfsg-5ubuntu10.21
ppc64el extra block backend modules for qemu-system and qemu-utils
ii qemu-kvm 1:2.5+dfsg-5ubuntu10.21
ppc64el QEMU Full virtualization
ii qemu-slof 20151103+dfsg-1ubuntu1.1
all Slimline Open Firmware -- QEMU PowerPC version
ii qemu-system-common 1:2.5+dfsg-5ubuntu10.21
ppc64el QEMU full system emulation binaries (common files)
ii qemu-system-ppc 1:2.5+dfsg-5ubuntu10.21
ppc64el QEMU full system emulation binaries (ppc)
ii qemu-utils 1:2.5+dfsg-5ubuntu10.21
ppc64el QEMU utilities
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1719579
Title:
[Ubuntu 18.04] [libvirt] virsh restore fails from state file saved in
/var/tmp folder using virsh save
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu-power-systems/+bug/1719579/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
