AppArmor profile libvirt is incomplete
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libvirt (Ubuntu) |
Fix Released
|
Low
|
Unassigned |
Bug Description
I'm using the Ubuntu Cloud Archive and I'm encountering a incomplete libvirt AppArmor profile.
My libvirtd.log is showing lines like this:
2013-07-24 13:41:35.254+0000: 2995: warning : virAuditSend:135 : Failed to send audit message virt=kvm op=start reason=booted vm="r-1163-VM" uuid=1060bdc3-
This is due to "audit_write" missing as a capability in the AppArmor profile for libvirtd.
The simple fix is to add this line:
capability audit_write
In /etc/apparmor.
This is with libvirt 1.0.6 from the Havana repository.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: nova-compute (not installed)
ProcVersionSign
Uname: Linux 3.2.0-49-generic x86_64
NonfreeKernelMo
ApportVersion: 2.0.1-0ubuntu17.3
Architecture: amd64
Date: Wed Jul 24 20:27:55 2013
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
MarkForUpload: True
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: nova
UpgradeStatus: Upgraded to precise on 2012-04-21 (459 days ago)
Changed in nova (Ubuntu): | |
importance: | Undecided → Low |
status: | New → Triaged |
affects: | nova (Ubuntu) → libvirt (Ubuntu) |
no longer affects: | libvirt (Ubuntu Saucy) |
This actually breaks openstack-- VMs don't launch without it. Noticed this on 13.04 openstack.