I think I lost it in posting the bug, but currently with even my less restrictive bits, the VM fails to start with the gallium error.
** Description changed: Based on 1815452, specifically the PPA from in Comment #17. First, trying gives me these apparmor denied entries (complete log in default_PPA_denies.log): Feb 27 09:32:18 desktop audit[14553]: AVC apparmor="DENIED" operation="open" profile="libvirt-26480e4e-9d51-476e-b329-657b2012c151" name="/sys/devices/pci0000:00/0000:00:03.1/0000:1c:00.0/uevent" pid=14553 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 Feb 27 09:32:18 desktop kernel: audit: type=1400 audit(1551288738.289:191): apparmor="DENIED" operation="open" profile="libvirt-26480e4e-9d51-476e-b329-657b2012c151" name="/sys/devices/pci0000:00/0000:00:03.1/0000:1c:00.0/uevent" pid=14553 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 Feb 27 09:32:18 desktop audit[14553]: AVC apparmor="DENIED" operation="open" profile="libvirt-26480e4e-9d51-476e-b329-657b2012c151" name="/proc/modules" pid=14553 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 Feb 27 09:32:18 desktop audit[14553]: AVC apparmor="DENIED" operation="open" profile="libvirt-26480e4e-9d51-476e-b329-657b2012c151" name="/sys/bus/pci/devices/" pid=14553 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 Feb 27 09:32:18 desktop kernel: audit: type=1400 audit(1551288738.429:192): apparmor="DENIED" operation="open" profile="libvirt-26480e4e-9d51-476e-b329-657b2012c151" name="/proc/modules" pid=14553 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 Feb 27 09:32:18 desktop kernel: audit: type=1400 audit(1551288738.429:193): apparmor="DENIED" operation="open" profile="libvirt-26480e4e-9d51-476e-b329-657b2012c151" name="/sys/bus/pci/devices/" pid=14553 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 Feb 27 09:32:18 desktop audit[14553]: AVC apparmor="DENIED" operation="open" profile="libvirt-26480e4e-9d51-476e-b329-657b2012c151" name="/usr/share/egl/egl_external_platform.d/" pid=14553 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 Feb 27 09:32:18 desktop audit[14553]: AVC apparmor="DENIED" operation="open" profile="libvirt-26480e4e-9d51-476e-b329-657b2012c151" name="/sys/devices/pci0000:00/0000:00:03.1/0000:1c:00.0/uevent" pid=14553 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 Feb 27 09:32:18 desktop kernel: audit: type=1400 audit(1551288738.509:194): apparmor="DENIED" operation="open" profile="libvirt-26480e4e-9d51-476e-b329-657b2012c151" name="/usr/share/egl/egl_external_platform.d/" pid=14553 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 Feb 27 09:32:18 desktop kernel: audit: type=1400 audit(1551288738.509:195): apparmor="DENIED" operation="open" profile="libvirt-26480e4e-9d51-476e-b329-657b2012c151" name="/sys/devices/pci0000:00/0000:00:03.1/0000:1c:00.0/uevent" pid=14553 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 Worked around them (or so I think) by adding to local/abstractions/libvirt-qemu: - /proc/modules r, - /proc/driver/nvidia/ r, - /proc/driver/nvidia/** r, - /usr/share/egl/ r, - /usr/share/egl/** r, - /sys/devices/** r, - /sys/devices/ r, - /dev/nvidiactl rw, + /proc/modules r, + /proc/driver/nvidia/ r, + /proc/driver/nvidia/** r, + /usr/share/egl/ r, + /usr/share/egl/** r, + /sys/devices/** r, + /sys/devices/ r, + /dev/nvidiactl rw, - This doesn't give anymore AppArmor denials, but does result in (full log in my_attempted_workaround.log): + This doesn't give anymore AppArmor denials, but fails to run and shows the following error (full log in my_attempted_workaround.log): Feb 27 09:40:16 desktop libvirtd[1468]: Unable to read from monitor: Connection reset by peer Feb 27 09:40:16 desktop libvirtd[1468]: internal error: qemu unexpectedly closed the monitor: qemu-system-x86_64: ../src/gallium/drivers/llvmpipe/lp_texture.c:499: llvmpipe_resource_get_handle: Assertion `lpr->dt' failed. - Other relevant bits: I'm using the nvidia 415 driver from the graphics-driver ppa. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1817943 Title: OpenGL accel dev work doesn't work on nvidia card To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1817943/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
