[Pkg-libvirt-maintainers] Bug#1094583: libvirt-daemon-driver-qemu: apparmor template missing from filesystem

[Alban Browaeys]

Le mardi 28 janvier 2025 à 21:20 -0500, Kevin Otte a écrit :
> I had tried doing an "apt --reinstall install ..." of the package to
> get 
> the configuration to no avail. Ultimately I had to do a "dpkg 
> --force-confmiss -i ..." to get the files.
> 
> This was an upgrade from the previous version in testing, so it may
> be 
> something to be aware of in the upgrade process.
> 

I was also upgrading in testing (Trixie) from libvirt-daemon-driver-
qemu 10.10.0-3.

The apparmor template was already shipped by
https://snapshot.debian.org/package/libvirt/10.7.0-3/#libvirt-daemon-driver-qemu_10.7.0-3
but not by 
https://snapshot.debian.org/package/libvirt/10.5.0-1/#libvirt-daemon-driver-qemu_10.5.0-1

Though as far as I know a conffile that was not deleted by an user (or
a FS corruption) is automatically installed when included in the
package. I doubt there is an apt perference/ dpkg option that prevents
new conffiles from installing but I did not check.

Maybe
https://unix.stackexchange.com/questions/736439/files-defined-in-conffiles-not-installed-on-first-install
ie you might have tweaked the apparmor template then uninstalled the
package before reinstalling?

Cheers,
Alban


> On 1/28/25 21:10, Alban Browaeys wrote:
> > On Tue, 28 Jan 2025 19:28:24 -0500 Kevin Otte
> > <[nivex at nivex.net](mailto:nivex at nivex.net)> wrote:
> > > Package: libvirt-daemon-driver-qemu
> > > Version: 11.0.0-1
> > > Severity: grave
> > > Justification: renders package unusable
> > >   
> > > Dear Maintainer,
> > >   
> > > The package manifest includes an AppArmor template, but it is not
> > > seen on the filesystem after the package is installed:
> > >   
> > > [root at saratoga](mailto:root at saratoga):/tmp# dpkg -L libvirt-
> > > daemon-driver-qemu | grep -i template
> > > /etc/apparmor.d/libvirt/TEMPLATE.qemu
> > > [root at saratoga](mailto:root at saratoga):/tmp# ls -l
> > > /etc/apparmor.d/libvirt/
> > > total 0
> > 
> > I cannot reproduce
> > ii  libvirt-daemon-driver-qemu 11.0.0-1     amd64       
> > Virtualization daemon QEMU connection driver
> > 
> > ls -l /etc/apparmor.d/libvirt/TEMPLATE.qemu
> > -rw-r--r-- 1 root root 192  2 sept. 11:47
> > /etc/apparmor.d/libvirt/TEMPLATE.qemu
> > 
> > Either way if the template is shipped by the package it is not a
> > package bug if the file is missing after installation.
> > Still it could be an dpkg/apt bug but unlikely.
> > 
> > Could it be you were running out of space on the /etc partition
> > while installing or had a crash that corrupted
> > this filesystem while installing ?
> > 
> > https://packages.debian.org/trixie/amd64/libvirt-daemon-driver-qemu/filelist
> >  shows the apparmor template is shipped
> > 
> > downloading
> > http://http.us.debian.org/debian/pool/main/libv/libvirt/libvirt-daemon-driver-qemu_11.0.0-1_amd64.deb
> > and opening it with file-roller shows inside of it an
> > /etc/apparmor.d/libvirt/TEMPLATE.qemu file with content: "
> > #
> > # This profile is for the domain whose UUID matches this file.
> > #
> > 
> > #include <tunables/global>
> > 
> > profile LIBVIRT_TEMPLATE flags=(attach_disconnected) {
> >    #include <abstractions/libvirt-qemu>
> > }
> > "
> > 
> > This bug looks like a local system issue.
> > 
> > Cheers,
> > Alban
> > 
> > > This has the effect of rendering virt-install/virt-manager unable
> > > to deploy any new VMs:
> > >   
> > > Unable to complete install: 'internal error: cannot load AppArmor
> > > profile 'libvirt-f9987331-aa46-412e-baf0-bdef4b5a631e''
> > >   
> > > Traceback (most recent call last):
> > >     File "/usr/share/virt-manager/virtManager/asyncjob.py", line
> > > 71, in cb_wrapper
> > >       callback(asyncjob, *args, **kwargs)
> > >       ~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^
> > >     File "/usr/share/virt-manager/virtManager/createvm.py", line
> > > 2008, in _do_async_install
> > >       installer.start_install(guest, meter=meter)
> > >       ~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^
> > >     File "/usr/share/virt-manager/virtinst/install/installer.py",
> > > line 726, in start_install
> > >       domain = self._create_guest(
> > >               guest, meter, initial_xml, final_xml,
> > >               doboot, transient)
> > >     File "/usr/share/virt-manager/virtinst/install/installer.py",
> > > line 667, in _create_guest
> > >       domain = self.conn.createXML(initial_xml or final_xml, 0)
> > >     File "/usr/lib/python3/dist-packages/libvirt.py", line 4545,
> > > in createXML
> > >       raise libvirtError('virDomainCreateXML() failed')
> > > libvirt.libvirtError: internal error: cannot load AppArmor
> > > profile 'libvirt-f9987331-aa46-412e-baf0-bdef4b5a631e'
> > >   
> > >   
> > > 2025-01-28T11:21:15.809798-05:00 saratoga libvirtd[1025]:
> > > internal error: Child process (LIBVIRT_LOG_OUTPUTS=3:stderr
> > > /usr/lib/libvirt/virt-aa-helper -c -u lib
> > > virt-f9987331-aa46-412e-baf0-bdef4b5a631e) unexpected exit status
> > > 1: virt-aa-helper: error: template does not exist#012virt-aa-
> > > helper: error: could not create
> > > profile
> > > 2025-01-28T11:21:15.809885-05:00 saratoga libvirtd[1025]:
> > > internal error: cannot load AppArmor profile 'libvirt-f9987331-
> > > aa46-412e-baf0-bdef4b5a631e'
> > >   
> > >   
> > > -- System Information:
> > > Debian Release: trixie/sid
> > >     APT prefers testing
> > >     APT policy: (500, 'testing')
> > > Architecture: amd64 (x86_64)
> > >   
> > > Kernel: Linux 6.12.10-amd64 (SMP w/4 CPU threads; PREEMPT)
> > > Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
> > > LANGUAGE not set
> > > Shell: /bin/sh linked to /usr/bin/dash
> > > Init: systemd (via /run/systemd/system)
> > > LSM: AppArmor: enabled
> > >   
> > > Versions of packages libvirt-daemon-driver-qemu depends on:
> > > ii  adduser                     3.137
> > > ii  debconf [debconf-2.0]       1.5.89
> > > ii  libc6                       2.40-6
> > > ii  libgcc-s1                   14.2.0-12
> > > ii  libglib2.0-0t64             2.82.4-2
> > 
> > 
>