apparmor prevents libvirt from running qemu-system-aarch64

Bug #1301516 reported by Oleg Strikov
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
libvirt (Ubuntu) | Fix Released | Undecided | Unassigned |

Bug Description

While trying to run openstack-nova/libvirt on an arm64 machine we got the following error:

<libvirtd.log>
2014-04-02 16:08:11.140+0000: 1227: error : qemuProcessWaitForMonitor:1915 : internal error: process exited while connecting to monitor: libvirt: error : cannot execute binary /usr/bin/qemu-system-aarch64: Permission denied

</var/log/kern.log>
Apr 2 12:34:57 ms01a kernel: [ 2133.890335] type=1400 audit(1396456497.933:59): apparmor="DENIED" operation="exec" profile="libvirt-be2523fd-4c0a-43f0-afa9-c46122f2cf81" name="/usr/bin/qemu-system-aarch64" pid=6241 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=111 ouid=0

AppArmor prevents libvirtd from running qemu-system-aarch64 because this binary name is not listed in:
</etc/apparmor.d/abstractions/libvirt-qemu>
  <...>
  # the various binaries
  /usr/bin/kvm rmix,
  /usr/bin/qemu rmix,
  /usr/bin/qemu-system-arm rmix,
  /usr/bin/qemu-system-cris rmix,
  /usr/bin/qemu-system-i386 rmix,
  <...>

The following patch fixes the issue:
--- libvirt-1.2.2-0/debian/apparmor/libvirt-qemu 2014-04-02 12:51:03.013539000 -0400
+++ libvirt-1.2.2/debian/apparmor/libvirt-qemu 2014-04-02 12:54:18.653539000 -0400
@@ -83,6 +83,7 @@
   /usr/bin/kvm rmix,
   /usr/bin/qemu rmix,
   /usr/bin/qemu-system-arm rmix,
+ /usr/bin/qemu-system-aarch64 rmix,
   /usr/bin/qemu-system-cris rmix,
   /usr/bin/qemu-system-i386 rmix,
   /usr/bin/qemu-system-m68k rmix,
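
Review bot: The added /usr/bin/qemu-system-aarch64 rule is placed after qemu-system-arm, although the neighbouring entries (arm, cris, i386, m68k) run in alphabetical order, and as shown here it carries one leading space where the context lines have two. Consider moving it ahead of the qemu-system-arm line with the same indent as its neighbours, so the binary list stays sorted and is easy to audit when the next architecture is added. The rmix permission matches the sibling rules, so the grant is no broader than what the other emulator binaries already have.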

Tags: hs-arm64
Raghuram Kota (rkota)
tags: added: hs-arm64
Launchpad Janitor (janitor) wrote:

This bug was fixed in the package libvirt - 1.2.2-0ubuntu8

---------------
libvirt (1.2.2-0ubuntu8) trusty; urgency=medium

  * debian/apparmor/libvirt-qemu: Allow qemu-system-aarch64 to be used.
    (LP: #1301516)
 -- Chuck Short <email address hidden> Wed, 02 Apr 2014 14:20:39 -0400

Changed in libvirt (Ubuntu):
status: New → Fix Released
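
A triage helper for the kind of denial described in this report, added here as an example (not code from the report or from libvirt): it parses AppArmor audit records and lists the denials that no rule in a given profile text grants. The function names are hypothetical, the inputs are the log line and abstraction excerpt quoted in the bug description, and glob handling is simplified to '*' and '**'.

```python
import re

# Constructed inputs: the kern.log line and abstraction excerpt quoted in the report.
LOG = ('Apr 2 12:34:57 ms01a kernel: [ 2133.890335] type=1400 '
       'audit(1396456497.933:59): apparmor="DENIED" operation="exec" '
       'profile="libvirt-be2523fd-4c0a-43f0-afa9-c46122f2cf81" '
       'name="/usr/bin/qemu-system-aarch64" pid=6241 comm="libvirtd" '
       'requested_mask="x" denied_mask="x" fsuid=111 ouid=0')
ABSTRACTION = """
  # the various binaries
  /usr/bin/kvm rmix,
  /usr/bin/qemu rmix,
  /usr/bin/qemu-system-arm rmix,
  /usr/bin/qemu-system-cris rmix,
  /usr/bin/qemu-system-i386 rmix,
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')     # key="value" or key=value
RULE = re.compile(r'^\s*(/\S+)\s+([A-Za-z]+),\s*$')  # plain file rule: path perms,

def parse_denial(line):
    """Return the fields of an AppArmor DENIED audit record, or None."""
    fields = {k: quoted or bare for k, quoted, bare in FIELD.findall(line)}
    return fields if fields.get("apparmor") == "DENIED" else None

def parse_rules(text):
    """Collect (path glob, permissions); comments and other rule types are skipped."""
    return [m.groups() for m in map(RULE.match, text.splitlines()) if m]

def glob_matches(glob, path):
    """Simplified AppArmor globbing (assumption): '**' crosses '/', '*' does not."""
    rx = re.escape(glob).replace(r"\*\*", ".*").replace(r"\*", "[^/]*")
    return re.fullmatch(rx, path) is not None

def uncovered_denials(log_text, profile_text):
    """List (profile, path, mask) for denials that no rule in profile_text grants."""
    rules = parse_rules(profile_text)
    missing = []
    for d in filter(None, map(parse_denial, log_text.splitlines())):
        path, mask = d.get("name"), d.get("denied_mask", "")
        if path and not any(glob_matches(g, path) and set(mask) <= set(p.lower())
                            for g, p in rules):
            missing.append((d.get("profile", ""), path, mask))
    return missing

if __name__ == "__main__":
    print(uncovered_denials(LOG, ABSTRACTION))  # the quoted excerpt lacks the rule
    print(uncovered_denials(LOG, ABSTRACTION + "  /usr/bin/qemu-system-aarch64 rmix,\n"))
```

Running it against the installed abstraction before and after a package upgrade shows whether a logged denial is explained by a missing rule or needs a closer look.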