[Pkg-libvirt-maintainers] Bug#1094583: libvirt-daemon-driver-qemu: apparmor template missing from filesystem

Kevin Otte nivex at nivex.net
Wed Jan 29 03:24:10 GMT 2025 

I didn't make any changes to the file. I didn't even know of its 
existence until I was trying to troubleshoot why I couldn't create VMs.

This seems to be my week for finding oddball edge cases. Given I've got 
the config files back and was able to deploy a VM, I guess you can close 
this out as notabug.

On 1/28/25 21:39, Alban Browaeys wrote:
> Le mardi 28 janvier 2025 à 21:20 -0500, Kevin Otte a écrit :
>> I had tried doing an "apt --reinstall install ..." of the package to
>> get
>> the configuration to no avail. Ultimately I had to do a "dpkg
>> --force-confmiss -i ..." to get the files.
>>
>> This was an upgrade from the previous version in testing, so it may
>> be
>> something to be aware of in the upgrade process.
>>
> 
> I was also upgrading in testing (Trixie) from libvirt-daemon-driver-
> qemu 10.10.0-3.
> 
> The apparmor template was already shipped by
> https://snapshot.debian.org/package/libvirt/10.7.0-3/#libvirt-daemon-driver-qemu_10.7.0-3
> but not by
> https://snapshot.debian.org/package/libvirt/10.5.0-1/#libvirt-daemon-driver-qemu_10.5.0-1
> 
> Though as far as I know a conffile that was not deleted by an user (or
> a FS corruption) is automatically installed when included in the
> package. I doubt there is an apt perference/ dpkg option that prevents
> new conffiles from installing but I did not check.
> 
> Maybe
> https://unix.stackexchange.com/questions/736439/files-defined-in-conffiles-not-installed-on-first-install
> ie you might have tweaked the apparmor template then uninstalled the
> package before reinstalling?
> 
> Cheers,
> Alban
> 
> 
>> On 1/28/25 21:10, Alban Browaeys wrote:
>>> On Tue, 28 Jan 2025 19:28:24 -0500 Kevin Otte
>>> <[nivex at nivex.net](mailto:nivex at nivex.net)> wrote:
>>>> Package: libvirt-daemon-driver-qemu
>>>> Version: 11.0.0-1
>>>> Severity: grave
>>>> Justification: renders package unusable
>>>>    
>>>> Dear Maintainer,
>>>>    
>>>> The package manifest includes an AppArmor template, but it is not
>>>> seen on the filesystem after the package is installed:
>>>>    
>>>> [root at saratoga](mailto:root at saratoga):/tmp# dpkg -L libvirt-
>>>> daemon-driver-qemu | grep -i template
>>>> /etc/apparmor.d/libvirt/TEMPLATE.qemu
>>>> [root at saratoga](mailto:root at saratoga):/tmp# ls -l
>>>> /etc/apparmor.d/libvirt/
>>>> total 0
>>>
>>> I cannot reproduce
>>> ii  libvirt-daemon-driver-qemu 11.0.0-1     amd64
>>> Virtualization daemon QEMU connection driver
>>>
>>> ls -l /etc/apparmor.d/libvirt/TEMPLATE.qemu
>>> -rw-r--r-- 1 root root 192  2 sept. 11:47
>>> /etc/apparmor.d/libvirt/TEMPLATE.qemu
>>>
>>> Either way if the template is shipped by the package it is not a
>>> package bug if the file is missing after installation.
>>> Still it could be an dpkg/apt bug but unlikely.
>>>
>>> Could it be you were running out of space on the /etc partition
>>> while installing or had a crash that corrupted
>>> this filesystem while installing ?
>>>
>>> https://packages.debian.org/trixie/amd64/libvirt-daemon-driver-qemu/filelist
>>>   shows the apparmor template is shipped
>>>
>>> downloading
>>> http://http.us.debian.org/debian/pool/main/libv/libvirt/libvirt-daemon-driver-qemu_11.0.0-1_amd64.deb
>>> and opening it with file-roller shows inside of it an
>>> /etc/apparmor.d/libvirt/TEMPLATE.qemu file with content: "
>>> #
>>> # This profile is for the domain whose UUID matches this file.
>>> #
>>>
>>> #include <tunables/global>
>>>
>>> profile LIBVIRT_TEMPLATE flags=(attach_disconnected) {
>>>     #include <abstractions/libvirt-qemu>
>>> }
>>> "
>>>
>>> This bug looks like a local system issue.
>>>
>>> Cheers,
>>> Alban
>>>
>>>> This has the effect of rendering virt-install/virt-manager unable
>>>> to deploy any new VMs:
>>>>    
>>>> Unable to complete install: 'internal error: cannot load AppArmor
>>>> profile 'libvirt-f9987331-aa46-412e-baf0-bdef4b5a631e''
>>>>    
>>>> Traceback (most recent call last):
>>>>      File "/usr/share/virt-manager/virtManager/asyncjob.py", line
>>>> 71, in cb_wrapper
>>>>        callback(asyncjob, *args, **kwargs)
>>>>        ~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^
>>>>      File "/usr/share/virt-manager/virtManager/createvm.py", line
>>>> 2008, in _do_async_install
>>>>        installer.start_install(guest, meter=meter)
>>>>        ~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^
>>>>      File "/usr/share/virt-manager/virtinst/install/installer.py",
>>>> line 726, in start_install
>>>>        domain = self._create_guest(
>>>>                guest, meter, initial_xml, final_xml,
>>>>                doboot, transient)
>>>>      File "/usr/share/virt-manager/virtinst/install/installer.py",
>>>> line 667, in _create_guest
>>>>        domain = self.conn.createXML(initial_xml or final_xml, 0)
>>>>      File "/usr/lib/python3/dist-packages/libvirt.py", line 4545,
>>>> in createXML
>>>>        raise libvirtError('virDomainCreateXML() failed')
>>>> libvirt.libvirtError: internal error: cannot load AppArmor
>>>> profile 'libvirt-f9987331-aa46-412e-baf0-bdef4b5a631e'
>>>>    
>>>>    
>>>> 2025-01-28T11:21:15.809798-05:00 saratoga libvirtd[1025]:
>>>> internal error: Child process (LIBVIRT_LOG_OUTPUTS=3:stderr
>>>> /usr/lib/libvirt/virt-aa-helper -c -u lib
>>>> virt-f9987331-aa46-412e-baf0-bdef4b5a631e) unexpected exit status
>>>> 1: virt-aa-helper: error: template does not exist#012virt-aa-
>>>> helper: error: could not create
>>>> profile
>>>> 2025-01-28T11:21:15.809885-05:00 saratoga libvirtd[1025]:
>>>> internal error: cannot load AppArmor profile 'libvirt-f9987331-
>>>> aa46-412e-baf0-bdef4b5a631e'
>>>>    
>>>>    
>>>> -- System Information:
>>>> Debian Release: trixie/sid
>>>>      APT prefers testing
>>>>      APT policy: (500, 'testing')
>>>> Architecture: amd64 (x86_64)
>>>>    
>>>> Kernel: Linux 6.12.10-amd64 (SMP w/4 CPU threads; PREEMPT)
>>>> Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
>>>> LANGUAGE not set
>>>> Shell: /bin/sh linked to /usr/bin/dash
>>>> Init: systemd (via /run/systemd/system)
>>>> LSM: AppArmor: enabled
>>>>    
>>>> Versions of packages libvirt-daemon-driver-qemu depends on:
>>>> ii  adduser                     3.137
>>>> ii  debconf [debconf-2.0]       1.5.89
>>>> ii  libc6                       2.40-6
>>>> ii  libgcc-s1                   14.2.0-12
>>>> ii  libglib2.0-0t64             2.82.4-2
>>>
>>>
>>
>

More information about the Pkg-libvirt-maintainers mailing list