[Pkg-libvirt-maintainers] Bug#903348: libvirt-daemon-system: libvirt-guests.sh service can't connect on system shutdown when using polkit access driver

Fabricio teste at teste.com
Sun Jul 8 22:59:33 BST 2018 

Package: libvirt-daemon-system
Version: 3.0.0-4+deb9u3
Severity: normal

Dear Maintainer,

libvirt-guests service can't connect to qemu:///system on system shutdown when
using polkit auth_driver.

Steps to reproduce:

1 - Activate polkit access driver (access_drivers = [ "polkit" ]
[/etc/libvirt/libvirtd.conf])

2 - Do the apropriate configuration (.pkla files, as debian still uses 1.05)

3 - Shutdown the system. Service libvirt-guests reports: "Unable to connect to
libvirt currently. Retrying .."

Related libvirt log message:

2018-07-08 20:44:28.092+0000: 867: info : virDBusCall:1548 : DBUS_METHOD_CALL:
'org.freedesktop.PolicyKit1.Authority.CheckAuthorization' on
'/org/freedesktop/PolicyKit1/Authority' at 'org.freedesktop.PolicyKit1'
2018-07-08 20:44:28.092+0000: 867: info : virDBusCall:1558 : DBUS_METHOD_ERROR:
'org.freedesktop.PolicyKit1.Authority.CheckAuthorization' on
'/org/freedesktop/PolicyKit1/Authority' at 'org.freedesktop.PolicyKit1' error
org.freedesktop.systemd1.ShuttingDown: Refusing activation, D-Bus is shutting
down.
2018-07-08 20:44:28.092+0000: 867: error : virDBusCall:1570 : error from
service: CheckAuthorization: Refusing activation, D-Bus is shutting down.


From the libvirt's log messages i have found that it seems polkitd services
stops before libvirt-guests shutdown. So, adding the following line to the unit
section in/lib/systemd/system/libvirt-guests.services solved the problem:

After=polkit.service

Ragards



-- System Information:
Debian Release: 9.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.9.0-6-amd64 (SMP w/4 CPU cores)
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8), LANGUAGE=pt_BR.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libvirt-daemon-system depends on:
ii  adduser                3.115
ii  debconf [debconf-2.0]  1.5.61
ii  gettext-base           0.19.8.1-2
ii  init-system-helpers    1.48
ii  iptables               1.6.0+snapshot20161117-6
ii  libapparmor1           2.11.0-3+deb9u2
ii  libaudit1              1:2.6.7-2
ii  libblkid1              2.29.2-1+deb9u1
ii  libc6                  2.24-11+deb9u3
ii  libcap-ng0             0.7.7-3+b1
ii  libdbus-1-3            1.10.26-0+deb9u1
ii  libdevmapper1.02.1     2:1.02.137-2
ii  libnl-3-200            3.2.27-2
ii  libnl-route-3-200      3.2.27-2
ii  libnuma1               2.0.11-2.1
ii  librados2              10.2.5-7.2
ii  librbd1                10.2.5-7.2
ii  libselinux1            2.6-3+b3
ii  libvirt-clients        3.0.0-4+deb9u3
ii  libvirt-daemon         3.0.0-4+deb9u3
ii  libvirt0               3.0.0-4+deb9u3
ii  libxml2                2.9.4+dfsg1-2.2+deb9u2
ii  libyajl2               2.1.0-2+b3
ii  logrotate              3.11.0-0.1
ii  lsb-base               9.20161125
ii  policykit-1            0.105-18

Versions of packages libvirt-daemon-system recommends:
ii  bridge-utils  1.5-13+deb9u1
ii  dmidecode     3.0-4
ii  dnsmasq-base  2.76-5+deb9u1
ii  ebtables      2.0.10.4-3.5+b1
ii  iproute2      4.9.0-1+deb9u1
ii  parted        3.2-17

Versions of packages libvirt-daemon-system suggests:
ii  apparmor    2.11.0-3+deb9u2
pn  auditd      <none>
pn  nfs-common  <none>
pn  pm-utils    <none>
pn  radvd       <none>
ii  systemd     232-25+deb9u3
pn  systemtap   <none>
pn  zfsutils    <none>

-- Configuration Files:
/etc/libvirt/libvirtd.conf changed [not included]
/etc/libvirt/nwfilter/allow-arp.xml [Errno 13] Permissão negada: '/etc/libvirt/nwfilter/allow-arp.xml'
/etc/libvirt/nwfilter/allow-dhcp-server.xml [Errno 13] Permissão negada: '/etc/libvirt/nwfilter/allow-dhcp-server.xml'
/etc/libvirt/nwfilter/allow-dhcp.xml [Errno 13] Permissão negada: '/etc/libvirt/nwfilter/allow-dhcp.xml'
/etc/libvirt/nwfilter/allow-incoming-ipv4.xml [Errno 13] Permissão negada: '/etc/libvirt/nwfilter/allow-incoming-ipv4.xml'
/etc/libvirt/nwfilter/allow-ipv4.xml [Errno 13] Permissão negada: '/etc/libvirt/nwfilter/allow-ipv4.xml'
/etc/libvirt/nwfilter/clean-traffic.xml [Errno 13] Permissão negada: '/etc/libvirt/nwfilter/clean-traffic.xml'
/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml [Errno 13] Permissão negada: '/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml'
/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml [Errno 13] Permissão negada: '/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml'
/etc/libvirt/nwfilter/no-arp-spoofing.xml [Errno 13] Permissão negada: '/etc/libvirt/nwfilter/no-arp-spoofing.xml'
/etc/libvirt/nwfilter/no-ip-multicast.xml [Errno 13] Permissão negada: '/etc/libvirt/nwfilter/no-ip-multicast.xml'
/etc/libvirt/nwfilter/no-ip-spoofing.xml [Errno 13] Permissão negada: '/etc/libvirt/nwfilter/no-ip-spoofing.xml'
/etc/libvirt/nwfilter/no-mac-broadcast.xml [Errno 13] Permissão negada: '/etc/libvirt/nwfilter/no-mac-broadcast.xml'
/etc/libvirt/nwfilter/no-mac-spoofing.xml [Errno 13] Permissão negada: '/etc/libvirt/nwfilter/no-mac-spoofing.xml'
/etc/libvirt/nwfilter/no-other-l2-traffic.xml [Errno 13] Permissão negada: '/etc/libvirt/nwfilter/no-other-l2-traffic.xml'
/etc/libvirt/nwfilter/no-other-rarp-traffic.xml [Errno 13] Permissão negada: '/etc/libvirt/nwfilter/no-other-rarp-traffic.xml'
/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml [Errno 13] Permissão negada: '/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml'
/etc/libvirt/nwfilter/qemu-announce-self.xml [Errno 13] Permissão negada: '/etc/libvirt/nwfilter/qemu-announce-self.xml'
/etc/libvirt/qemu.conf [Errno 13] Permissão negada: '/etc/libvirt/qemu.conf'
/etc/libvirt/qemu/networks/default.xml [Errno 13] Permissão negada: '/etc/libvirt/qemu/networks/default.xml'

-- debconf information excluded

More information about the Pkg-libvirt-maintainers mailing list