I will be rebooting one of the physical hosts in a little more than an hour, I'll disable auto-start and try it.
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_- Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting. Knowledgeable human assistance, not telephone trees or script readers. See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874. On Fri, 5 Jun 2020, Christian Ehrhardt wrote: > Date: Fri, 05 Jun 2020 05:34:26 -0000 > From: Christian Ehrhardt <1881...@bugs.launchpad.net> > To: nan...@eskimo.com > Subject: [Bug 1881969] Re: apparmor profile for libvirtd/libvirt-daemon needs > fixing > > Hmm, > virt-manager can still set up a lot of different guest configurations. > I've been using virt-manager guests as well and they don't show this. > > You said you see these messages after a reboot on auto-start. > Can you try to un-break this a bit. > > For example: > a) disable auto-starting the guests, does the libvirtd daemon still trigger > the denial at reboot? > b) if (a) didn't trigger it, then does it happen once you start the guests? > c) did you made any changes to /etc/libvirt/*? > d) if (b) is true does it happen for all the guests? > e) since the other bug report mentions scsi disks, does your host or guest > setup use scsi (or other less common disks)? > f) if you find a particular guest that triggers it, could you share the guest > xml definition? > ... > > -- > You received this bug notification because you are subscribed to the bug > report. > https://bugs.launchpad.net/bugs/1881969 > > Title: > apparmor profile for libvirtd/libvirt-daemon needs fixing > > Status in libvirt package in Ubuntu: > Incomplete > Status in libvirt package in Debian: > Incomplete > > Bug description: > Libvirtd is trying to use a capability being denied it by apparmor. > > [474656.842239] audit: type=1400 audit(1591211959.677:101): > apparmor="DENIED" operation="capable" profile="libvirtd" pid=3393444 > comm="libvirtd" capability=17 capname="sys_rawio" > > ProblemType: Bug > DistroRelease: Ubuntu 20.04 > Package: libvirt-daemon 6.0.0-0ubuntu8.1 > Uname: Linux 5.6.0 x86_64 > ApportVersion: 2.20.11-0ubuntu27.2 > Architecture: amd64 > CasperMD5CheckResult: skip > CurrentDesktop: MATE > Date: Wed Jun 3 14:01:30 2020 > InstallationDate: Installed on 2017-05-27 (1103 days ago) > InstallationMedia: Ubuntu-MATE 17.04 "Zesty Zapus" - Release amd64 (20170412) > SourcePackage: libvirt > UpgradeStatus: Upgraded to focal on 2020-04-26 (38 days ago) > modified.conffile..etc.libvirt.nwfilter.allow-arp.xml: [modified] > modified.conffile..etc.libvirt.nwfilter.allow-dhcp-server.xml: [modified] > modified.conffile..etc.libvirt.nwfilter.allow-dhcp.xml: [modified] > modified.conffile..etc.libvirt.nwfilter.allow-incoming-ipv4.xml: [modified] > modified.conffile..etc.libvirt.nwfilter.allow-ipv4.xml: [modified] > modified.conffile..etc.libvirt.nwfilter.clean-traffic-gateway.xml: [modified] > modified.conffile..etc.libvirt.nwfilter.clean-traffic.xml: [modified] > modified.conffile..etc.libvirt.nwfilter.no-arp-ip-spoofing.xml: [modified] > modified.conffile..etc.libvirt.nwfilter.no-arp-mac-spoofing.xml: [modified] > modified.conffile..etc.libvirt.nwfilter.no-arp-spoofing.xml: [modified] > modified.conffile..etc.libvirt.nwfilter.no-ip-multicast.xml: [modified] > modified.conffile..etc.libvirt.nwfilter.no-ip-spoofing.xml: [modified] > modified.conffile..etc.libvirt.nwfilter.no-mac-broadcast.xml: [modified] > modified.conffile..etc.libvirt.nwfilter.no-mac-spoofing.xml: [modified] > modified.conffile..etc.libvirt.nwfilter.no-other-l2-traffic.xml: [modified] > modified.conffile..etc.libvirt.nwfilter.no-other-rarp-traffic.xml: [modified] > modified.conffile..etc.libvirt.nwfilter.qemu-announce-self-rarp.xml: > [modified] > modified.conffile..etc.libvirt.nwfilter.qemu-announce-self.xml: [modified] > modified.conffile..etc.libvirt.qemu.networks.default.xml: [modified] > mtime.conffile..etc.libvirt.nwfilter.allow-arp.xml: > 2017-05-27T04:38:59.454073 > mtime.conffile..etc.libvirt.nwfilter.allow-dhcp-server.xml: > 2017-05-27T04:38:58.894071 > mtime.conffile..etc.libvirt.nwfilter.allow-dhcp.xml: > 2017-05-27T04:38:58.990072 > mtime.conffile..etc.libvirt.nwfilter.allow-incoming-ipv4.xml: > 2017-05-27T04:38:59.714073 > mtime.conffile..etc.libvirt.nwfilter.allow-ipv4.xml: > 2017-05-27T04:38:59.522073 > mtime.conffile..etc.libvirt.nwfilter.clean-traffic-gateway.xml: > 2018-10-27T01:48:21.872648 > mtime.conffile..etc.libvirt.nwfilter.clean-traffic.xml: > 2017-05-27T04:38:59.582073 > mtime.conffile..etc.libvirt.nwfilter.no-arp-ip-spoofing.xml: > 2017-05-27T04:38:58.942071 > mtime.conffile..etc.libvirt.nwfilter.no-arp-mac-spoofing.xml: > 2017-05-27T04:38:59.870074 > mtime.conffile..etc.libvirt.nwfilter.no-arp-spoofing.xml: > 2017-05-27T04:38:59.818074 > mtime.conffile..etc.libvirt.nwfilter.no-ip-multicast.xml: > 2017-05-27T04:38:59.110072 > mtime.conffile..etc.libvirt.nwfilter.no-ip-spoofing.xml: > 2017-05-27T04:38:59.178072 > mtime.conffile..etc.libvirt.nwfilter.no-mac-broadcast.xml: > 2017-05-27T04:38:59.774074 > mtime.conffile..etc.libvirt.nwfilter.no-mac-spoofing.xml: > 2017-05-27T04:38:59.254072 > mtime.conffile..etc.libvirt.nwfilter.no-other-l2-traffic.xml: > 2017-05-27T04:38:59.394073 > mtime.conffile..etc.libvirt.nwfilter.no-other-rarp-traffic.xml: > 2017-05-27T04:38:59.646073 > mtime.conffile..etc.libvirt.nwfilter.qemu-announce-self-rarp.xml: > 2017-05-27T04:38:59.050072 > mtime.conffile..etc.libvirt.nwfilter.qemu-announce-self.xml: > 2017-05-27T04:38:59.322073 > mtime.conffile..etc.libvirt.qemu.networks.default.xml: > 2017-05-27T04:38:58.478070 > > To manage notifications about this bug go to: > https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1881969/+subscriptions > -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1881969 Title: apparmor profile for libvirtd/libvirt-daemon needs fixing To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1881969/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs