[Pkg-libvirt-maintainers] Bug#900611: Re[2]: Bug#900611: libvirt-daemon-system: deamon not start, problem in apparmor config

rem_lex rem_alexey at mail.ru
Tue Jun 5 16:57:23 BST 2018


libvirtd can't start:

Jun  1 23:25:22 shome libvirtd[1936]: libvirt version: 1.2.9, package: 9+deb8u4 (buildd 2017-03-29-21:11:06 binet)
Jun  1 23:25:22 shome libvirtd[1936]: Unable to initialize audit layer: Отказано в доступе
Jun  1 23:25:22 shome kernel: [   29.187281] audit: type=1400 audit(1527884722.116:9): apparmor="DENIED" operation="create" profile="/usr/sbin/libvirtd" pid=1936 comm="libvirtd" family="netlink" sock_type="raw" protocol=9 requested_mask="create" denied_mask="create"
Jun  1 23:25:22 shome libvirtd[1936]: cannot connect to netlink socket with protocol 0: Отказано в доступе
Jun  1 23:25:22 shome kernel: [   29.689092] audit: type=1400 audit(1527884722.795:10): apparmor="DENIED" operation="create" profile="/usr/sbin/libvirtd" pid=1936 comm="libvirtd" family="netlink" sock_type="raw" protocol=0 requested_mask="create" denied_mask="create"
Jun  1 23:25:23 shome systemd[1]: libvirtd.service: main process exited, code=exited, status=6/NOTCONFIGURED
Jun  1 23:25:23 shome systemd[1]: Failed to start Virtualization daemon.
Jun  1 23:25:23 shome systemd[1]: Unit libvirtd.service entered failed state.
Jun  1 23:25:23 shome systemd[1]: Starting Suspend Active Libvirt Guests...
Jun  1 23:25:23 shome systemd[1]: Started Suspend Active Libvirt Guests.
Jun  1 23:25:23 shome systemd[1]: libvirtd.service holdoff time over, scheduling restart.
Jun  1 23:25:23 shome systemd[1]: Stopping Virtualization daemon...

Fixed by adding the following to the file /etc/apparmor.d/usr.sbin.libvirtd at line 39:
///
diff -au ./usr.sbin.libvirtd.old ./usr.sbin.libvirtd.new
--- ./usr.sbin.libvirtd.old     2018-03-12 20:11:00.000000000 +0200
+++ ./usr.sbin.libvirtd.new     2018-06-02 01:28:10.000000000 +0300
@@ -36,6 +36,7 @@
   network inet6 dgram,
   network packet dgram,
   network packet raw,
+  network netlink raw,

   # Very lenient profile for libvirtd since we want to first focus on confining
   # the guests. Guests will have a very restricted profile.
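
Review bot: the added "network netlink raw," line has no comment explaining why it is needed, and as written it names only the family and socket type, so it is not restricted to the two protocols seen in the denials (protocol=9 and protocol=0). A one-line comment above it that ties the rule to the "Unable to initialize audit layer" and "cannot connect to netlink socket" failures would help the next reader judge whether the grant is still required; the existing comment below already describes the profile as very lenient, so the broader grant is consistent with the file but should be stated as intentional.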
///
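
How the missing rule can be read off the denial records, as an added example that is not part of the original message or of libvirt/AppArmor tooling. It assumes the audit fields family and sock_type map directly onto the keywords of an AppArmor network rule, as they do in the reported case; the function names and the third sample record are constructed for illustration.

```python
import re
from collections import defaultdict

# First two records are the denials quoted in the report; the third is a
# constructed file denial, included to show that non-socket records are skipped.
SAMPLE_LOG = """\
Jun  1 23:25:22 shome kernel: [   29.187281] audit: type=1400 audit(1527884722.116:9): apparmor="DENIED" operation="create" profile="/usr/sbin/libvirtd" pid=1936 comm="libvirtd" family="netlink" sock_type="raw" protocol=9 requested_mask="create" denied_mask="create"
Jun  1 23:25:22 shome kernel: [   29.689092] audit: type=1400 audit(1527884722.795:10): apparmor="DENIED" operation="create" profile="/usr/sbin/libvirtd" pid=1936 comm="libvirtd" family="netlink" sock_type="raw" protocol=0 requested_mask="create" denied_mask="create"
Jun  1 23:25:22 shome kernel: [   29.700000] audit: type=1400 audit(1527884722.800:11): apparmor="DENIED" operation="open" profile="/usr/sbin/libvirtd" name="/constructed/example/path" pid=1936 comm="libvirtd" requested_mask="r" denied_mask="r"
"""

# key="quoted value" or key=bare_value, as they appear in kernel audit records
KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_record(line):
    """Turn one audit line into a dict of its key=value fields."""
    return {key: quoted or bare for key, quoted, bare in KV.findall(line)}


def missing_network_rules(log_text):
    """Map each profile to the network rules its socket denials call for.

    Returns {profile: {rule: [protocol numbers seen]}} so the reviewer can see
    which protocols motivated a rule that itself names only family and type.
    """
    found = defaultdict(lambda: defaultdict(set))
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("apparmor") != "DENIED":
            continue
        if "family" not in rec or "sock_type" not in rec:
            continue  # file, capability or other non-socket denial
        rule = f"network {rec['family']} {rec['sock_type']},"
        if rec.get("protocol", "").isdigit():
            found[rec["profile"]][rule].add(int(rec["protocol"]))
        else:
            found[rec["profile"]][rule]  # record the rule with no protocol
    return {p: {r: sorted(s) for r, s in rules.items()} for p, rules in found.items()}


if __name__ == "__main__":
    for profile, rules in missing_network_rules(SAMPLE_LOG).items():
        for rule, protocols in rules.items():
            print(f"{profile}: {rule}  # denied protocols: {protocols}")
```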
