[Pkg-libvirt-maintainers] Bug#1094583: libvirt-daemon-driver-qemu: apparmor template missing from filesystem

Kevin Otte nivex at nivex.net
Wed Jan 29 02:20:38 GMT 2025 

I had tried doing an "apt --reinstall install ..." of the package to get 
the configuration to no avail. Ultimately I had to do a "dpkg 
--force-confmiss -i ..." to get the files.

This was an upgrade from the previous version in testing, so it may be 
something to be aware of in the upgrade process.

On 1/28/25 21:10, Alban Browaeys wrote:
> On Tue, 28 Jan 2025 19:28:24 -0500 Kevin Otte <[nivex at nivex.net](mailto:nivex at nivex.net)> wrote:
>> Package: libvirt-daemon-driver-qemu
>> Version: 11.0.0-1
>> Severity: grave
>> Justification: renders package unusable
>>   
>> Dear Maintainer,
>>   
>> The package manifest includes an AppArmor template, but it is not seen on the filesystem after the package is installed:
>>   
>> [root at saratoga](mailto:root at saratoga):/tmp# dpkg -L libvirt-daemon-driver-qemu | grep -i template
>> /etc/apparmor.d/libvirt/TEMPLATE.qemu
>> [root at saratoga](mailto:root at saratoga):/tmp# ls -l /etc/apparmor.d/libvirt/
>> total 0
> 
> I cannot reproduce
> ii  libvirt-daemon-driver-qemu 11.0.0-1     amd64        Virtualization daemon QEMU connection driver
> 
> ls -l /etc/apparmor.d/libvirt/TEMPLATE.qemu
> -rw-r--r-- 1 root root 192  2 sept. 11:47 /etc/apparmor.d/libvirt/TEMPLATE.qemu
> 
> Either way if the template is shipped by the package it is not a package bug if the file is missing after installation.
> Still it could be an dpkg/apt bug but unlikely.
> 
> Could it be you were running out of space on the /etc partition while installing or had a crash that corrupted
> this filesystem while installing ?
> 
> https://packages.debian.org/trixie/amd64/libvirt-daemon-driver-qemu/filelist shows the apparmor template is shipped
> 
> downloading
> http://http.us.debian.org/debian/pool/main/libv/libvirt/libvirt-daemon-driver-qemu_11.0.0-1_amd64.deb
> and opening it with file-roller shows inside of it an /etc/apparmor.d/libvirt/TEMPLATE.qemu file with content: "
> #
> # This profile is for the domain whose UUID matches this file.
> #
> 
> #include <tunables/global>
> 
> profile LIBVIRT_TEMPLATE flags=(attach_disconnected) {
>    #include <abstractions/libvirt-qemu>
> }
> "
> 
> This bug looks like a local system issue.
> 
> Cheers,
> Alban
> 
>> This has the effect of rendering virt-install/virt-manager unable to deploy any new VMs:
>>   
>> Unable to complete install: 'internal error: cannot load AppArmor profile 'libvirt-f9987331-aa46-412e-baf0-bdef4b5a631e''
>>   
>> Traceback (most recent call last):
>>     File "/usr/share/virt-manager/virtManager/asyncjob.py", line 71, in cb_wrapper
>>       callback(asyncjob, *args, **kwargs)
>>       ~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>     File "/usr/share/virt-manager/virtManager/createvm.py", line 2008, in _do_async_install
>>       installer.start_install(guest, meter=meter)
>>       ~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^
>>     File "/usr/share/virt-manager/virtinst/install/installer.py", line 726, in start_install
>>       domain = self._create_guest(
>>               guest, meter, initial_xml, final_xml,
>>               doboot, transient)
>>     File "/usr/share/virt-manager/virtinst/install/installer.py", line 667, in _create_guest
>>       domain = self.conn.createXML(initial_xml or final_xml, 0)
>>     File "/usr/lib/python3/dist-packages/libvirt.py", line 4545, in createXML
>>       raise libvirtError('virDomainCreateXML() failed')
>> libvirt.libvirtError: internal error: cannot load AppArmor profile 'libvirt-f9987331-aa46-412e-baf0-bdef4b5a631e'
>>   
>>   
>> 2025-01-28T11:21:15.809798-05:00 saratoga libvirtd[1025]: internal error: Child process (LIBVIRT_LOG_OUTPUTS=3:stderr /usr/lib/libvirt/virt-aa-helper -c -u lib
>> virt-f9987331-aa46-412e-baf0-bdef4b5a631e) unexpected exit status 1: virt-aa-helper: error: template does not exist#012virt-aa-helper: error: could not create
>> profile
>> 2025-01-28T11:21:15.809885-05:00 saratoga libvirtd[1025]: internal error: cannot load AppArmor profile 'libvirt-f9987331-aa46-412e-baf0-bdef4b5a631e'
>>   
>>   
>> -- System Information:
>> Debian Release: trixie/sid
>>     APT prefers testing
>>     APT policy: (500, 'testing')
>> Architecture: amd64 (x86_64)
>>   
>> Kernel: Linux 6.12.10-amd64 (SMP w/4 CPU threads; PREEMPT)
>> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
>> Shell: /bin/sh linked to /usr/bin/dash
>> Init: systemd (via /run/systemd/system)
>> LSM: AppArmor: enabled
>>   
>> Versions of packages libvirt-daemon-driver-qemu depends on:
>> ii  adduser                     3.137
>> ii  debconf [debconf-2.0]       1.5.89
>> ii  libc6                       2.40-6
>> ii  libgcc-s1                   14.2.0-12
>> ii  libglib2.0-0t64             2.82.4-2
> 
>

More information about the Pkg-libvirt-maintainers mailing list