[Pkg-libvirt-maintainers] Bug#781473: virt-manager: Cannot create VM on localhost because AppArmor profile cannot, be loaded

u u at 451f.org
Sun Mar 29 18:17:37 UTC 2015 

Package: virt-manager
Version: 1:1.0.1-3
Severity: normal

Hi,

* What led up to the situation?

When I create a VM on localhost, with a simple ISO image, without a
harddisk,
this VM cannot be created.

* What was the outcome of this action?

I get an error message:

Installation could not be completed: «internal error: cannot load AppArmor
profile 'libvirt-e00238fb-5451-449a-b896-46e5b7842925'»

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 91, in
cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/create.py", line 1787, in
do_install
    guest.start_install(meter=meter)
  File "/usr/share/virt-manager/virtinst/guest.py", line 403, in
start_install
    noboot)
  File "/usr/share/virt-manager/virtinst/guest.py", line 467, in
_create_guest
    dom = self.conn.createLinux(start_xml or final_xml, 0)
  File "/usr/lib/python2.7/dist-packages/libvirt.py", line 3440, in
createLinux
    if ret is None:raise libvirtError('virDomainCreateLinux() failed',
conn=self)
libvirtError: internal error: cannot load AppArmor profile 'libvirt-
e00238fb-5451-449a-b896-46e5b7842925'


I can run remote VMs without any problem.

I have AppArmor enabled on my machine.
This libvirt profile is in enforce mode: /usr/lib/libvirt/virt-aa-helper


Here is the output of /var/log/auditd/audit.log:

type=AVC msg=audit(1427652769.444:4659): apparmor="DENIED" operation="open"
profile="/usr/lib/libvirt/virt-aa-helper" name="/etc/libnl-3/classid"
pid=12115
comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
type=SYSCALL msg=audit(1427652769.444:4659): arch=c000003e syscall=2
success=no
exit=-13 a0=7f2155c1e930 a1=0 a2=1b6 a3=7f21538b0d5d items=0 ppid=1529
pid=12115 auid=4294967295 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0
fsgid=0 tty=(none) ses=4294967295 comm="virt-aa-helper"
exe="/usr/lib/libvirt
/virt-aa-helper" key=(null)
type=PROCTITLE msg=audit(1427652769.444:4659):
proctitle=2F7573722F6C69622F6C6962766972742F766972742D61612D68656C706572002D700030002D63002D75006C6962766972742D65303032333866622D353435312D343439612D623839362D343665356237383432393235
type=VIRT_RESOURCE msg=audit(1427652769.460:4660): pid=1529 uid=0
auid=4294967295 ses=4294967295 msg='virt=kvm resrc=disk reason=start
vm="debianwheezy" uuid=e00238fb-5451-449a-b896-46e5b7842925 old-disk="?"
new-
disk="/home/user/ISO/latest.iso" exe="/usr/sbin/libvirtd" hostname=? addr=?
terminal=? res=success'
type=VIRT_RESOURCE msg=audit(1427652769.460:4661): pid=1529 uid=0
auid=4294967295 ses=4294967295 msg='virt=kvm resrc=net reason=start
vm="debianwheezy" uuid=e00238fb-5451-449a-b896-46e5b7842925 old-net="?" new-
net="52:54:00:5c:b3:1c" exe="/usr/sbin/libvirtd" hostname=? addr=?
terminal=?
res=success'
type=VIRT_RESOURCE msg=audit(1427652769.460:4662): pid=1529 uid=0
auid=4294967295 ses=4294967295 msg='virt=kvm resrc=dev reason=start
vm="debianwheezy" uuid=e00238fb-5451-449a-b896-46e5b7842925 bus=usb
device=555342207265646972646576 exe="/usr/sbin/libvirtd" hostname=? addr=?
terminal=? res=success'
type=VIRT_RESOURCE msg=audit(1427652769.460:4663): pid=1529 uid=0
auid=4294967295 ses=4294967295 msg='virt=kvm resrc=dev reason=start
vm="debianwheezy" uuid=e00238fb-5451-449a-b896-46e5b7842925 bus=usb
device=555342207265646972646576 exe="/usr/sbin/libvirtd" hostname=? addr=?
terminal=? res=success'
type=VIRT_RESOURCE msg=audit(1427652769.460:4664): pid=1529 uid=0
auid=4294967295 ses=4294967295 msg='virt=kvm resrc=dev reason=start
vm="debianwheezy" uuid=e00238fb-5451-449a-b896-46e5b7842925 bus=usb
device=555342207265646972646576 exe="/usr/sbin/libvirtd" hostname=? addr=?
terminal=? res=success'
type=VIRT_RESOURCE msg=audit(1427652769.460:4665): pid=1529 uid=0
auid=4294967295 ses=4294967295 msg='virt=kvm resrc=dev reason=start
vm="debianwheezy" uuid=e00238fb-5451-449a-b896-46e5b7842925 bus=usb
device=555342207265646972646576 exe="/usr/sbin/libvirtd" hostname=? addr=?
terminal=? res=success'
type=VIRT_RESOURCE msg=audit(1427652769.460:4666): pid=1529 uid=0
auid=4294967295 ses=4294967295 msg='virt=kvm resrc=mem reason=start
vm="debianwheezy" uuid=e00238fb-5451-449a-b896-46e5b7842925 old-mem=0 new-
mem=1048576 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=?
res=success'
type=VIRT_RESOURCE msg=audit(1427652769.460:4667): pid=1529 uid=0
auid=4294967295 ses=4294967295 msg='virt=kvm resrc=vcpu reason=start
vm="debianwheezy" uuid=e00238fb-5451-449a-b896-46e5b7842925 old-vcpu=0 new-
vcpu=1 exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=success'
type=VIRT_CONTROL msg=audit(1427652769.460:4668): pid=1529 uid=0
auid=4294967295 ses=4294967295 msg='virt=kvm op=start reason=booted
vm="debianwheezy" uuid=e00238fb-5451-449a-b896-46e5b7842925 vm-pid=-1
exe="/usr/sbin/libvirtd" hostname=? addr=? terminal=? res=failed'



-- System Information:
Debian Release: 8.0
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages virt-manager depends on:
ii  librsvg2-common                              2.40.5-1
ii  virtinst                                     1:1.0.1-3

Versions of packages virt-manager recommends:
ii  libvirt-daemon           1.2.9-9

Versions of packages virt-manager suggests:
ii  virt-viewer          1.0-1

-- no debconf information

More information about the Pkg-libvirt-maintainers mailing list