[Pkg-libvirt-maintainers] Bug#916587: AppArmor breaks virtio-gpu + virgl

Francois Gouget fgouget at free.fr
Thu Jan 10 00:03:56 GMT 2019 

Thanks for posting this to the Debian bug list. It did indeed make 
finding it easier!

Unfortunately I'm still getting the same error after modifying 
/etc/apparmor.d/libvirt/TEMPLATE.qemu. Maybe I missed something.
Here's my file:

-----

#include <tunables/global>

profile LIBVIRT_TEMPLATE flags=(attach_disconnected) {
  #include <abstractions/libvirt-qemu>

  /dev/dri/ r,
  /dev/dri/renderD128 rw,
  /etc/drirc r,
  /{etc,usr/share}/glvnd/egl_vendor.d/ r,
  /{etc,usr/share}/glvnd/egl_vendor.d/*.json r,
  /sys/devices/pci[0-9]*/**/{device,subsystem_device,subsystem_vendor,uevent,vendor} r,
  /usr/lib/x86_64-linux-gnu/dri/*_dri.so m,
}
-----

The errors are the same you were getting:

2019-01-10T00:01:34.834520Z qemu-system-x86_64: egl: no drm render node available
2019-01-10T00:01:34.834548Z qemu-system-x86_64: Failed to initialize EGL render node for SPICE GL


And kern.log has these audit entries:

Jan 10 01:01:34 amboise kernel: [225665.603042] audit: type=1400 audit(1547078494.295:809): apparmor="STATUS" operation="profile_load" profile="unconfined" name="libvirt-c1cd8951-9ae3-4a76-a364-69f648d51447" pid=32064 comm="apparmor_parser"
Jan 10 01:01:34 amboise kernel: [225665.728974] audit: type=1400 audit(1547078494.423:810): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-c1cd8951-9ae3-4a76-a364-69f648d51447" pid=32067 comm="apparmor_parser"
Jan 10 01:01:34 amboise kernel: [225665.868380] audit: type=1400 audit(1547078494.563:811): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-c1cd8951-9ae3-4a76-a364-69f648d51447" pid=32070 comm="apparmor_parser"
Jan 10 01:01:34 amboise kernel: [225665.977689] audit: type=1400 audit(1547078494.671:812): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="libvirt-c1cd8951-9ae3-4a76-a364-69f648d51447" pid=32073 comm="apparmor_parser"
Jan 10 01:01:34 amboise kernel: [225666.077274] audit: type=1400 audit(1547078494.771:813): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-c1cd8951-9ae3-4a76-a364-69f648d51447" pid=32112 comm="apparmor_parser"
Jan 10 01:01:35 amboise kernel: [225666.357611] audit: type=1400 audit(1547078495.051:814): apparmor="STATUS" operation="profile_remove" profile="unconfined" name="libvirt-c1cd8951-9ae3-4a76-a364-69f648d51447" pid=32123 comm="apparmor_parser"


-- 
Francois Gouget <fgouget at free.fr>              http://fgouget.free.fr/
                         Stolen from an Internet user:
              "f u cn rd ths, u cn gt a gd jb n cmptr prgrmmng !"

More information about the Pkg-libvirt-maintainers mailing list