[Bug 1890858] Re: AppArmor profile causes QEMU/KVM - Not Connected

Tue, 29 Dec 2020 07:00:55 -0800 

# Clarify how to fix it #

Adding the network unix dgram, line works here:

1. revert /etc/apparmor.d/usr.sbin.libvirtd to the content delivered by the 
package in 20.04
   $ dpkg-query -W -f '${Conffiles}\n' libvirt-daemon-system | awk -vOFS="  " 
'/apparmor/{print $2,$1}' | LANG=C sudo md5sum -c 2>/dev/null
   /etc/apparmor.d/abstractions/libvirt-lxc: OK
   /etc/apparmor.d/abstractions/libvirt-qemu: OK
   /etc/apparmor.d/libvirt/TEMPLATE.lxc: OK
   /etc/apparmor.d/libvirt/TEMPLATE.qemu: OK
   /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper: OK
   /etc/apparmor.d/usr.sbin.libvirtd: OK

2. retry and verify the issue triggers
   $ virsh list
   error: failed to connect to the hypervisor
   error: End of file while reading data: Input/output error

3. restart libvirtd (systemctl restart libvirtd)
   $ sudo systemctl restart libvirtd

4. retry and verify the issue triggers still
   $ virsh list
   error: failed to connect to the hypervisor
   error: End of file while reading data: Input/output error

5. add this line above to /etc/apparmor.d/usr.sbin.libvirtd where the other 
network rules are
   $ cp /etc/apparmor.d/usr.sbin.libvirtd /tmp/usr.sbin.libvirtd.bak
   $ sudo sed -i -e '/^  network inet stream/i \ \ network unix dgram,' 
/etc/apparmor.d/usr.sbin.libvirtd             
   $ diff -p /tmp/usr.sbin.libvirtd.bak /etc/apparmor.d/usr.sbin.libvirtd
   *** /tmp/usr.sbin.libvirtd.bak  2020-12-29 14:46:26.716346230 +0000
   --- /etc/apparmor.d/usr.sbin.libvirtd   2020-12-29 14:48:58.816884722 +0000
   *************** profile libvirtd /usr/sbin/libvirtd flag
   *** 39,44 ****
   --- 39,45 ----
       mount options=(rw, move) /{,var/}run/libvirt/qemu/*.dev/ -> /dev/,
       mount options=(rw, move) /{,var/}run/libvirt/qemu/*{,/} -> /dev/**,
     
   +   network unix dgram,
       network inet stream,
       network inet dgram,
       network inet6 stream,

6. sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.libvirtd
   $ sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.libvirtd

7. restart libvirtd (systemctl restart libvirtd)
   $ sudo systemctl restart libvirtd

8. retry and verify the issue triggers still (or is it fixed now?)
   $ virsh list
    Id   Name   State
   --------------------

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1890858

Title:
  AppArmor profile causes QEMU/KVM - Not Connected

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1890858/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to