[Pkg-libvirt-maintainers] Bug#890084: libvirt: error : unable to set AppArmor profile
reusser
reusser.mb at gmail.com
Wed Oct 23 08:01:25 BST 2019
Package: libvirt-daemon-system
Version: 5.0.0-4
Followup-For: Bug #890084
Dear Maintainer,
this happened yesterday again. It is most likely related to a restart
of the host system.
After removing the apparmor.d profiles with zero length, the vm started as expected.
The bug report asks about the output of "sudo journalctl -u libvirtd.service" and the relevant
file timestamps:
Okt 22 18:06:47 h2700532 libvirtd[723]: Domain id=11 name='sambaDC' uuid=07fbaa3b-d6e8-494f-89e3-6802ee0cff16 is tainted: custom-argv
Okt 22 18:06:48 h2700532 libvirtd[723]: Child quit during startup handshake: Eingabe-/Ausgabefehler
Okt 22 18:06:48 h2700532 libvirtd[723]: internal error: Process exited prior to exec: libvirt: error : unable to set AppArmor profile 'libvirt-07fbaa3b-d6e8-494f-89e3
Okt 23 08:22:43 h2700532 libvirtd[723]: Domain id=12 name='vpnServer' uuid=b3279270-c20e-4aa6-9f8d-48859775e71e is tainted: custom-argv
Okt 23 08:22:43 h2700532 libvirtd[723]: Child quit during startup handshake: Eingabe-/Ausgabefehler
Okt 23 08:22:43 h2700532 libvirtd[723]: internal error: Process exited prior to exec: libvirt: error : unable to set AppArmor profile 'libvirt-b3279270-c20e-4aa6-9f8d
Okt 23 08:22:43 h2700532 libvirtd[723]: Failed to open file '/sys/class/net/vnet11/operstate': Datei oder Verzeichnis nicht gefunden
Okt 23 08:22:43 h2700532 libvirtd[723]: unable to read: /sys/class/net/vnet11/operstate: Datei oder Verzeichnis nicht gefunden
-rw-r--r-- 1 root root 0 Okt 22 17:51 /etc/apparmor.d/libvirt/libvirt-07fbaa3b-d6e8-494f-89e3-6802ee0cff16
-rw-r--r-- 1 root root 418 Okt 22 18:06 /etc/apparmor.d/libvirt/libvirt-07fbaa3b-d6e8-494f-89e3-6802ee0cff16.files
-rw-r--r-- 1 root root 0 Okt 22 17:51 /etc/apparmor.d/libvirt/libvirt-2360878a-5a72-4c1a-8117-2fef9023b26b
-rw-r--r-- 1 root root 466 Okt 22 17:56 /etc/apparmor.d/libvirt/libvirt-2360878a-5a72-4c1a-8117-2fef9023b26b.files
-rw-r--r-- 1 root root 0 Okt 22 17:51 /etc/apparmor.d/libvirt/libvirt-3a3bdf59-6dc4-4fd3-a0e3-a2a285a1bcfb
-rw-r--r-- 1 root root 417 Okt 22 17:56 /etc/apparmor.d/libvirt/libvirt-3a3bdf59-6dc4-4fd3-a0e3-a2a285a1bcfb.files
-rw-r--r-- 1 root root 351 Okt 22 17:56 /etc/apparmor.d/libvirt/libvirt-4132ad9b-0169-4422-b5cc-4d86864a154d
-rw-r--r-- 1 root root 783 Okt 22 17:56 /etc/apparmor.d/libvirt/libvirt-4132ad9b-0169-4422-b5cc-4d86864a154d.files
-rw-r--r-- 1 root root 351 Okt 22 17:56 /etc/apparmor.d/libvirt/libvirt-4e97abcc-9f65-4fa3-94dc-d6e67aaee349
-rw-r--r-- 1 root root 665 Okt 22 17:56 /etc/apparmor.d/libvirt/libvirt-4e97abcc-9f65-4fa3-94dc-d6e67aaee349.files
-rw-r--r-- 1 root root 0 Okt 22 17:51 /etc/apparmor.d/libvirt/libvirt-b3279270-c20e-4aa6-9f8d-48859775e71e
-rw-r--r-- 1 root root 432 Okt 23 08:22 /etc/apparmor.d/libvirt/libvirt-b3279270-c20e-4aa6-9f8d-48859775e71e.files
-rw-r--r-- 1 root root 351 Okt 22 17:56 /etc/apparmor.d/libvirt/libvirt-b99667b3-255b-4053-8232-75c6e570f3ee
-rw-r--r-- 1 root root 665 Okt 22 17:56 /etc/apparmor.d/libvirt/libvirt-b99667b3-255b-4053-8232-75c6e570f3ee.files
A first restart seems to have fails on Okt 22 at 17:50 with the
following entries in syslog:
Oct 22 17:50:47 h2700532 kernel: [ 18.569563] igb 0000:03:00.0 eno1: igb: eno1 NIC Link is Up 100 Mbps Full Duplex, Flow Control: RX
Oct 22 17:50:47 h2700532 kernel: [ 18.589008] IPv6: ADDRCONF(NETDEV_CHANGE): eno1: link becomes ready
Oct 22 17:50:47 h2700532 freshclam[644]: Tue Oct 22 17:50:47 2019 -> Reading CVD header (main.cvd): Tue Oct 22 17:50:47 2019 -> ^Can't get information about db.local.c
lamav.net: Temporary failure in name resolution
Oct 22 17:50:47 h2700532 freshclam[644]: Tue Oct 22 17:50:47 2019 -> ^Can't read main.cvd header from db.local.clamav.net (IP: )
Oct 22 17:50:47 h2700532 freshclam[644]: Tue Oct 22 17:50:47 2019 -> Trying again in 5 secs...
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@^@
^@^@^@
Nothing thereafter in the syslog.
And then a second restart occurs at 17:53, which then is successfull
The zero length file seems to come from the period of the unsuccessfull
restart.
-- System Information:
Debian Release: 10.1
APT prefers stable
APT policy: (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-6-amd64 (SMP w/8 CPU cores)
Locale: LANG=de_DE.utf8, LC_CTYPE=de_DE.utf8 (charmap=UTF-8) (ignored: LC_ALL set to de_DE.utf8), LANGUAGE=de_DE.utf8 (charmap=UTF-8) (ignored: LC_ALL set to de_DE.utf8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libvirt-daemon-system depends on:
ii adduser 3.118
ii debconf [debconf-2.0] 1.5.71
ii gettext-base 0.19.8.1-9
ii iptables 1.8.2-4
ii libacl1 2.2.53-4
ii libapparmor1 2.13.2-10
ii libaudit1 1:2.8.4-3
ii libblkid1 2.33.1-0.1
ii libc6 2.28-10
ii libcap-ng0 0.7.9-2
ii libdbus-1-3 1.12.16-1
ii libdevmapper1.02.1 2:1.02.155-3
ii libgnutls30 3.6.7-4
ii libnl-3-200 3.4.0-1
ii libnl-route-3-200 3.4.0-1
ii libnuma1 2.0.12-1
ii libselinux1 2.8-1+b1
ii libvirt-clients 5.0.0-4
ii libvirt-daemon 5.0.0-4
ii libvirt0 5.0.0-4
ii libxml2 2.9.4+dfsg1-7+b3
ii libyajl2 2.1.0-3
ii logrotate 3.14.0-4
ii lsb-base 10.2019051400
ii policykit-1 0.105-25
Versions of packages libvirt-daemon-system recommends:
ii dmidecode 3.2-1
ii dnsmasq-base [dnsmasq-base] 2.80-1
ii iproute2 4.20.0-2
ii parted 3.2-25
Versions of packages libvirt-daemon-system suggests:
ii apparmor 2.13.2-10
ii auditd 1:2.8.4-3
pn nfs-common <none>
ii open-iscsi 2.0.874-7.1
pn pm-utils <none>
pn radvd <none>
ii systemd 241-7~deb10u1
pn systemtap <none>
pn zfsutils <none>
-- Configuration Files:
/etc/apparmor.d/libvirt/TEMPLATE.qemu changed:
profile LIBVIRT_TEMPLATE flags=(attach_disconnected) {
#include <abstractions/libvirt-qemu>
/etc/libvirt/secret/** r,
/var/lib/libvirt/images/** rwk,
}
/etc/default/libvirt-guests changed:
START_DELAY=20
/etc/libvirt/nwfilter/allow-arp.xml [Errno 13] Keine Berechtigung: '/etc/libvirt/nwfilter/allow-arp.xml'
/etc/libvirt/nwfilter/allow-dhcp-server.xml [Errno 13] Keine Berechtigung: '/etc/libvirt/nwfilter/allow-dhcp-server.xml'
/etc/libvirt/nwfilter/allow-dhcp.xml [Errno 13] Keine Berechtigung: '/etc/libvirt/nwfilter/allow-dhcp.xml'
/etc/libvirt/nwfilter/allow-incoming-ipv4.xml [Errno 13] Keine Berechtigung: '/etc/libvirt/nwfilter/allow-incoming-ipv4.xml'
/etc/libvirt/nwfilter/allow-ipv4.xml [Errno 13] Keine Berechtigung: '/etc/libvirt/nwfilter/allow-ipv4.xml'
/etc/libvirt/nwfilter/clean-traffic-gateway.xml [Errno 13] Keine Berechtigung: '/etc/libvirt/nwfilter/clean-traffic-gateway.xml'
/etc/libvirt/nwfilter/clean-traffic.xml [Errno 13] Keine Berechtigung: '/etc/libvirt/nwfilter/clean-traffic.xml'
/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml [Errno 13] Keine Berechtigung: '/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml'
/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml [Errno 13] Keine Berechtigung: '/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml'
/etc/libvirt/nwfilter/no-arp-spoofing.xml [Errno 13] Keine Berechtigung: '/etc/libvirt/nwfilter/no-arp-spoofing.xml'
/etc/libvirt/nwfilter/no-ip-multicast.xml [Errno 13] Keine Berechtigung: '/etc/libvirt/nwfilter/no-ip-multicast.xml'
/etc/libvirt/nwfilter/no-ip-spoofing.xml [Errno 13] Keine Berechtigung: '/etc/libvirt/nwfilter/no-ip-spoofing.xml'
/etc/libvirt/nwfilter/no-mac-broadcast.xml [Errno 13] Keine Berechtigung: '/etc/libvirt/nwfilter/no-mac-broadcast.xml'
/etc/libvirt/nwfilter/no-mac-spoofing.xml [Errno 13] Keine Berechtigung: '/etc/libvirt/nwfilter/no-mac-spoofing.xml'
/etc/libvirt/nwfilter/no-other-l2-traffic.xml [Errno 13] Keine Berechtigung: '/etc/libvirt/nwfilter/no-other-l2-traffic.xml'
/etc/libvirt/nwfilter/no-other-rarp-traffic.xml [Errno 13] Keine Berechtigung: '/etc/libvirt/nwfilter/no-other-rarp-traffic.xml'
/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml [Errno 13] Keine Berechtigung: '/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml'
/etc/libvirt/nwfilter/qemu-announce-self.xml [Errno 13] Keine Berechtigung: '/etc/libvirt/nwfilter/qemu-announce-self.xml'
/etc/libvirt/qemu.conf [Errno 13] Keine Berechtigung: '/etc/libvirt/qemu.conf'
/etc/libvirt/qemu/networks/default.xml [Errno 13] Keine Berechtigung: '/etc/libvirt/qemu/networks/default.xml'
-- debconf information:
libvirt-daemon-system/id_warning: true
More information about the Pkg-libvirt-maintainers
mailing list