Public bug reported:

Host: ubuntu 14.04 amd64, Mac mini 16GB.

* Prepare an Ubuntu 14.04 guest rootfs
* Define an LXC instance using libvirt XML (see below)
* virsh start -c lxc: <domain>
* virsh destroy -c lxc: <domain>

gives the following error:

$ virsh -c lxc: destroy gold-lxc-20140717
error: Failed to destroy domain gold-lxc-20140717
error: Failed to kill process 18636: Permission denied

and the following logged in /var/log/syslog on the host:

Jul 25 15:21:22 kit1 kernel: [ 7735.523579] type=1400 audit(1406301682.520:40): apparmor="DENIED" operation="signal" profile="/sbin/dhclient" pid=17503 comm="libvirtd" requested_mask="receive" denied_mask="receive" signal=term peer="/usr/sbin/libvirtd"
Jul 25 15:21:22 kit1 kernel: [ 7735.523756] type=1400 audit(1406301682.520:41): apparmor="DENIED" operation="signal" profile="/sbin/dhclient" pid=17503 comm="libvirtd" requested_mask="receive" denied_mask="receive" signal=term peer="/usr/sbin/libvirtd"

The guest has an eth0 vnet NIC which is attached to a bridge on the
host, and picks up an IP address through DHCP. It appears that libvirtd
is being prevented from shutting down this dhclient process by apparmor,
and this in turn aborts the whole 'destroy' operation.

Workaround: kill the dhclient process by hand, before issuing the virsh
destroy.

(There is unfortunately no lxc:///session like qemu:///session to bypass
libvirtd).

Full XML:

<domain type='lxc' id='16776'>
  <name>gold-lxc-20140717</name>
  <uuid>b2a02d49-bb1e-4aec-81d1-58910892780e</uuid>
  <memory unit='KiB'>327680</memory>
  <currentMemory unit='KiB'>327680</currentMemory>
  <memtune>
    <hard_limit unit='KiB'>524288</hard_limit>
  </memtune>
  <vcpu placement='static'>1</vcpu>
  <resource>
    <partition>/machine</partition>
  </resource>
  <os>
    <type arch='x86_64'>exe</type>
    <init>/sbin/init</init>
  </os>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/lib/libvirt/libvirt_lxc</emulator>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/data1/lxc/gold-20140717/rootfs'/>
      <target dir='/'/>
    </filesystem>
    <interface type='bridge'>
      <mac address='52:54:5d:00:0a:88'/>
      <source bridge='br-lan'/>
      <target dev='vnet0'/>
    </interface>
    <console type='pty' tty='/dev/pts/1'>
      <source path='/dev/pts/1'/>
      <target type='lxc' port='0'/>
      <alias name='console0'/>
    </console>
  </devices>
  <seclabel type='none'/>
</domain>

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: libvirt-bin 1.2.2-0ubuntu13.1.1
ProcVersionSignature: Ubuntu 3.13.0-32.57-generic 3.13.11.4
Uname: Linux 3.13.0-32-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.2
Architecture: amd64
Date: Fri Jul 25 15:18:44 2014
InstallationDate: Installed on 2014-07-16 (8 days ago)
InstallationMedia: Ubuntu-Server 14.04 LTS "Trusty Tahr" - Release amd64 (20140416.2)
SourcePackage: libvirt
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu.conf']

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apport-bug trusty

https://bugs.launchpad.net/bugs/1348698

Title:
  libvirtd with lxc: cannot destroy domain (apparmor blocks kill signal)
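
Added example (not part of the original report, and not the fix that shipped): a triage script that reads audit lines like the ones quoted above, rejoins records that were hard-wrapped across lines, and prints one candidate AppArmor signal rule per unique denial for a human to review. The function names are hypothetical and the sample input is constructed from the two records in the report.

```python
import re
from collections import Counter

# Constructed sample: the report's two audit records, hard-wrapped mid-record.
SAMPLE_LOG = '''\
Jul 25 15:21:22 kit1 kernel: [ 7735.523579] type=1400 audit(1406301682.520:40):
apparmor="DENIED" operation="signal" profile="/sbin/dhclient" pid=17503
comm="libvirtd" requested_mask="receive" denied_mask="receive" signal=term
peer="/usr/sbin/libvirtd"
Jul 25 15:21:22 kit1 kernel: [ 7735.523756] type=1400 audit(1406301682.520:41):
apparmor="DENIED" operation="signal" profile="/sbin/dhclient" pid=17503
comm="libvirtd" requested_mask="receive" denied_mask="receive" signal=term
peer="/usr/sbin/libvirtd"
'''

STAMP = re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ")  # syslog timestamp
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')               # key="v" or key=v

def records(text):
    """Rejoin wrapped continuation lines into one string per syslog record."""
    out = []
    for line in text.splitlines():
        if STAMP.match(line) or not out:
            out.append(line.strip())
        elif line.strip():
            out[-1] += " " + line.strip()
    return out

def signal_denials(text):
    """Return field dicts for AppArmor DENIED records with operation="signal"."""
    hits = []
    for rec in records(text):
        f = {k: quoted or bare for k, quoted, bare in KV.findall(rec)}
        if f.get("apparmor") == "DENIED" and f.get("operation") == "signal":
            hits.append(f)
    return hits

def candidate_rules(text):
    """Return (profile, rule, count) per unique denial; rules are for review only."""
    seen = Counter((f["profile"], f["denied_mask"], f["signal"], f["peer"])
                   for f in signal_denials(text))
    return [(p, f"signal ({mask}) set=({sig}) peer={peer},", n)
            for (p, mask, sig, peer), n in sorted(seen.items())]

if __name__ == "__main__":
    for profile, rule, n in candidate_rules(SAMPLE_LOG):
        print(f"{n}x denied in profile {profile}: candidate rule -> {rule}")
```

The "profile" field names the confined side that refused the signal (here the receiver, dhclient) and "peer" names the other end (libvirtd), so a candidate rule belongs in the profile named first.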
