Public bug reported:
It appears a recent package upgrade of either libvirt0, qemu-* or
AppArmor has changed the enforcement policy on image files located in
/lib/libvirtd/images. After a recent package upgrade I now see the
following:
virsh start athens
error: Failed to start domain athens
error: internal error: process exited while connecting to monitor:
2018-05-23T14:47:42.883710Z qemu-system-x86_64: -drive
file=/var/lib/libvirt/images/nvme1.qcow2,if=none,id=nvme1,format=qcow2: Could
not open '/var/lib/libvirt/images/nvme1.qcow2': Permission denied
A look in dmesg shows:
...
[56859.732814] audit: type=1400 audit(1527086862.856:122): apparmor="STATUS"
operation="profile_replace" profile="unconfined"
name="libvirt-e61ed540-1288-4920-97b1-2bdce72ab394" pid=11956
comm="apparmor_parser"
[56859.755248] audit: type=1400 audit(1527086862.876:123): apparmor="DENIED"
operation="open" profile="libvirt-e61ed540-1288-4920-97b1-2bdce72ab394"
name="/var/lib/libvirt/images/nvme1.qcow2" pid=12003 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=64055 ouid=64055
[56859.755260] audit: type=1400 audit(1527086862.876:124): apparmor="DENIED"
operation="open" profile="libvirt-e61ed540-1288-4920-97b1-2bdce72ab394"
name="/var/lib/libvirt/images/nvme1.qcow2" pid=12003 comm="qemu-system-x86"
requested_mask="wr" denied_mask="wr" fsuid=64055 ouid=64055
This did not occur last time I started a VM on this server (which was
about two weeks ago).
Cheers
Stephen
** Affects: libvirt (Ubuntu)
Importance: Undecided
Status: New
https://bugs.launchpad.net/bugs/1772936
Title:
Apparmor enforcement blocks image permissions in libvirtd
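
A triage helper for logs like the dmesg excerpt in this report, added here as an example (it is not part of the bug report or of libvirt): it re-joins the mail-wrapped audit lines, parses their key=value fields, and lists which path each per-domain libvirt-<UUID> profile was denied and with which permissions. The function names are hypothetical; the sample input is the excerpt quoted in the report.

```python
import re
from collections import defaultdict

# dmesg excerpt copied from the report above, wrapped as the mail wrapped it.
SAMPLE = """\
[56859.732814] audit: type=1400 audit(1527086862.856:122): apparmor="STATUS"
operation="profile_replace" profile="unconfined"
name="libvirt-e61ed540-1288-4920-97b1-2bdce72ab394" pid=11956
comm="apparmor_parser"
[56859.755248] audit: type=1400 audit(1527086862.876:123): apparmor="DENIED"
operation="open" profile="libvirt-e61ed540-1288-4920-97b1-2bdce72ab394"
name="/var/lib/libvirt/images/nvme1.qcow2" pid=12003 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=64055 ouid=64055
[56859.755260] audit: type=1400 audit(1527086862.876:124): apparmor="DENIED"
operation="open" profile="libvirt-e61ed540-1288-4920-97b1-2bdce72ab394"
name="/var/lib/libvirt/images/nvme1.qcow2" pid=12003 comm="qemu-system-x86"
requested_mask="wr" denied_mask="wr" fsuid=64055 ouid=64055
"""

# A record starts with the kernel timestamp followed by the AppArmor audit type.
RECORD_START = re.compile(r"^\[\s*\d+\.\d+\] audit: type=1400 ")
# Fields are key="quoted value" or key=bare_value.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_records(text):
    """Re-join wrapped lines and return one dict of fields per audit record."""
    records, current = [], None
    for line in text.splitlines():
        if RECORD_START.match(line):
            current = [line]
            records.append(current)
        elif current is not None and line.strip():
            current.append(line.strip())  # continuation of a wrapped record
    return [{k: q or b for k, q, b in FIELD.findall(" ".join(r))} for r in records]


def summarise_denials(records):
    """Map (profile, path) -> set of denied permission letters."""
    denied = defaultdict(set)
    for rec in records:
        if rec.get("apparmor") == "DENIED":
            denied[(rec["profile"], rec["name"])].update(rec.get("denied_mask", ""))
    return dict(denied)


if __name__ == "__main__":
    for (profile, path), mask in summarise_denials(parse_records(SAMPLE)).items():
        print(f"{profile}: {path} denied {''.join(sorted(mask))}")
```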