[Pkg-libvirt-maintainers] Bug#971837: libvirt-daemon: apparmor error when creating VM
Paul Slootman
paul at debian.org
Thu Oct 8 12:45:51 BST 2020
Package: libvirt-daemon
Version: 5.0.0-4+deb10u1
Severity: normal
I tried creating a VM as follows:
-------------
# virt-install --accelerate --hvm --connect qemu:///system \
--cdrom /usr/local/lib/faime-XXXXXXXX.iso --os-variant debian10 \
--name vm008-0 \
--disk path=/var/lib/libvirt/images/vm008-0,size=6 \
--graphics=vnc,listen=0.0.0.0,port=5900 \
--ram 2048 \
--network bridge=br0,model=virtio \
--network bridge=brnfs,model=virtio \
--noreboot
WARNING Unable to connect to graphical console: virt-viewer not installed. Please install the 'virt-viewer' package.
WARNING No console to launch for the guest, defaulting to --wait -1
Starting install...
Allocating 'vm008-0' | 6.0 GB 00:00
ERROR internal error: cannot load AppArmor profile 'libvirt-cf414ff7-d783-449b-a0c8-6169ec41dfca'
Removing disk 'vm008-0' | 0 B 00:00
Domain installation does not appear to have been successful.
If it was, you can restart your domain by running:
virsh --connect qemu:///system start vm008-0
otherwise, please restart your installation.
-------------
Note the "cannot load AppArmor profile".
I have verified that editing /etc/libvirt/qemu.conf and adding
security_driver="none'
removes this error, however I would prefer having apparmor active.
There is a line in /etc/apparmor.d/usr.sbin.libvirtd :
change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
which should match the profile filename given in the error message.
The system is up to date with buster as of today.
Please help fixing this problem.
Thanks,
Paul
-- System Information:
Debian Release: 10.6
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-11-amd64 (SMP w/16 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libvirt-daemon depends on:
ii libacl1 2.2.53-4
ii libapparmor1 2.13.2-10
ii libaudit1 1:2.8.4-3
ii libavahi-client3 0.7-4+b1
ii libavahi-common3 0.7-4+b1
ii libblkid1 2.33.1-0.1
ii libc6 2.28-10
ii libcap-ng0 0.7.9-2
ii libcurl3-gnutls 7.64.0-4+deb10u1
ii libdbus-1-3 1.12.20-0+deb10u1
ii libdevmapper1.02.1 2:1.02.155-3
ii libfuse2 2.9.9-1+deb10u1
ii libgcc1 1:8.3.0-6
ii libgnutls30 3.6.7-4+deb10u5
ii libnetcf1 1:0.2.8-1+b2
ii libnl-3-200 3.4.0-1
ii libnl-route-3-200 3.4.0-1
ii libnuma1 2.0.12-1
ii libparted2 3.2-25
ii libpcap0.8 1.8.1-6
ii libpciaccess0 0.14-1
ii libsasl2-2 2.1.27+dfsg-1+deb10u1
ii libselinux1 2.8-1+b1
ii libssh2-1 1.8.0-2.1
ii libudev1 241-7~deb10u4
ii libvirt0 5.0.0-4+deb10u1
ii libxenmisc4.11 4.11.4+37-g3263f257ca-1
ii libxenstore3.0 4.11.4+37-g3263f257ca-1
ii libxenstore3.0 4.11.4+37-g3263f257ca-1
ii libxentoollog1 4.11.4+37-g3263f257ca-1
ii libxml2 2.9.4+dfsg1-7+b3
ii libyajl2 2.1.0-3
Versions of packages libvirt-daemon recommends:
pn libxml2-utils <none>
ii netcat-openbsd 1.195-2
ii qemu-kvm 1:3.1+dfsg-8+deb10u8
Versions of packages libvirt-daemon suggests:
pn libvirt-daemon-driver-storage-gluster <none>
pn libvirt-daemon-driver-storage-rbd <none>
pn libvirt-daemon-driver-storage-zfs <none>
ii libvirt-daemon-system 5.0.0-4+deb10u1
pn numad <none>
More information about the Pkg-libvirt-maintainers
mailing list