Ubuntu
libvirt package

vague error during upgrade

Bug #1869796 reported by Seth Arnold on 2020-03-30

This bug affects 1 person

	Status	Importance	Assigned to
systemd	New	Unknown	auto-github-systemd-systemd #8102
debhelper (Debian)	Confirmed	Unknown	debbugs #955483
debhelper (Ubuntu)	New	Undecided	Unassigned
libvirt (Ubuntu)	Fix Released	Low	Christian Ehrhardt 
systemd (Ubuntu)	Won't Fix	Wishlist	Unassigned

Bug Description

Seen from today's apt upgrade on focal:

Setting up libvirt-daemon-driver-qemu (6.0.0-0ubuntu6) ...
Setting up libvirt-daemon (6.0.0-0ubuntu6) ...
Setting up libvirt-daemon-driver-storage-rbd (6.0.0-0ubuntu6) ...
Setting up libvirt-daemon-driver-storage-zfs (6.0.0-0ubuntu6) ...
Setting up libvirt-daemon-system (6.0.0-0ubuntu6) ...
Job failed. See "journalctl -xe" for details.
virtlockd.service is a disabled or a static unit, not starting it.
virtlogd.service is a disabled or a static unit, not starting it.
Setting up libvirt-daemon dnsmasq configuration.

Sadly 'journactl -xe' was useless. (It only showed a thousand unrelated lines.) A raw journalctl took forever to run long enough to let me see it generated two million lines of output, and started about two years ago, that I'm not keen on trying to run that through less or similar. Advice accepted.

systemctl status looks good enough though:

$ systemctl status 'libvirt*'
● libvirtd.socket - Libvirt local socket
     Loaded: loaded (/lib/systemd/system/libvirtd.socket; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2020-03-30 20:44:55 UTC; 6min ago
   Triggers: ● libvirtd.service
     Listen: /run/libvirt/libvirt-sock (Stream)
      Tasks: 0 (limit: 18814)
     Memory: 0B
     CGroup: /system.slice/libvirtd.socket

Mar 30 20:44:55 millbarge systemd[1]: Listening on Libvirt local socket.

● libvirtd.service - Virtualization daemon
     Loaded: loaded (/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2020-03-30 20:44:55 UTC; 6min ago
TriggeredBy: ● libvirtd-admin.socket
             ● libvirtd.socket
             ● libvirtd-ro.socket
       Docs: man:libvirtd(8)
             https://libvirt.org
   Main PID: 3646435 (libvirtd)
      Tasks: 19 (limit: 32768)
     Memory: 26.9M
     CGroup: /system.slice/libvirtd.service
             ├─ 3054 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
             ├─ 3055 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
             └─3646435 /usr/sbin/libvirtd

Mar 30 20:44:55 millbarge systemd[1]: Starting Virtualization daemon...
Mar 30 20:44:55 millbarge systemd[1]: Started Virtualization daemon.
Mar 30 20:44:55 millbarge dnsmasq[3054]: read /etc/hosts - 7 addresses
Mar 30 20:44:55 millbarge dnsmasq[3054]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses
Mar 30 20:44:55 millbarge dnsmasq-dhcp[3054]: read /var/lib/libvirt/dnsmasq/default.hostsfile

● libvirtd-admin.socket - Libvirt admin socket
     Loaded: loaded (/lib/systemd/system/libvirtd-admin.socket; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2020-03-30 20:44:55 UTC; 6min ago
   Triggers: ● libvirtd.service
     Listen: /run/libvirt/libvirt-admin-sock (Stream)
      Tasks: 0 (limit: 18814)
     Memory: 0B
     CGroup: /system.slice/libvirtd-admin.socket

Mar 30 20:44:55 millbarge systemd[1]: Listening on Libvirt admin socket.

● libvirt-guests.service - Suspend/Resume Running libvirt Guests
     Loaded: loaded (/lib/systemd/system/libvirt-guests.service; enabled; vendor preset: enabled)
     Active: active (exited) since Wed 2020-03-25 00:41:47 UTC; 5 days ago
       Docs: man:libvirtd(8)
             https://libvirt.org
   Main PID: 2808 (code=exited, status=0/SUCCESS)
      Tasks: 0 (limit: 18814)
     Memory: 0B
     CGroup: /system.slice/libvirt-guests.service

Mar 25 00:41:47 millbarge systemd[1]: Starting Suspend/Resume Running libvirt Guests...
Mar 25 00:41:47 millbarge systemd[1]: Finished Suspend/Resume Running libvirt Guests.

● libvirtd-ro.socket - Libvirt local read-only socket
     Loaded: loaded (/lib/systemd/system/libvirtd-ro.socket; enabled; vendor preset: enabled)
     Active: active (running) since Mon 2020-03-30 20:44:55 UTC; 6min ago
   Triggers: ● libvirtd.service
     Listen: /run/libvirt/libvirt-sock-ro (Stream)
      Tasks: 0 (limit: 18814)
     Memory: 0B
     CGroup: /system.slice/libvirtd-ro.socket

Mar 30 20:44:55 millbarge systemd[1]: Listening on Libvirt local read-only socket.

Thanks

ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: libvirt-daemon 6.0.0-0ubuntu6
ProcVersionSignature: Ubuntu 5.4.0-20.24-generic 5.4.27
Uname: Linux 5.4.0-20-generic x86_64
NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair
ApportVersion: 2.20.11-0ubuntu21
Architecture: amd64
Date: Mon Mar 30 20:48:08 2020
ProcEnviron:
TERM=rxvt-unicode-256color
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: libvirt
UpgradeStatus: Upgraded to focal on 2020-01-24 (66 days ago)
modified.conffile..etc.libvirt.nwfilter.allow-arp.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/allow-arp.xml']
modified.conffile..etc.libvirt.nwfilter.allow-dhcp-server.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/allow-dhcp-server.xml']
modified.conffile..etc.libvirt.nwfilter.allow-dhcp.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/allow-dhcp.xml']
modified.conffile..etc.libvirt.nwfilter.allow-incoming-ipv4.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/allow-incoming-ipv4.xml']
modified.conffile..etc.libvirt.nwfilter.allow-ipv4.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/allow-ipv4.xml']
modified.conffile..etc.libvirt.nwfilter.clean-traffic-gateway.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/clean-traffic-gateway.xml']
modified.conffile..etc.libvirt.nwfilter.clean-traffic.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/clean-traffic.xml']
modified.conffile..etc.libvirt.nwfilter.no-arp-ip-spoofing.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml']
modified.conffile..etc.libvirt.nwfilter.no-arp-mac-spoofing.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml']
modified.conffile..etc.libvirt.nwfilter.no-arp-spoofing.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/no-arp-spoofing.xml']
modified.conffile..etc.libvirt.nwfilter.no-ip-multicast.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/no-ip-multicast.xml']
modified.conffile..etc.libvirt.nwfilter.no-ip-spoofing.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/no-ip-spoofing.xml']
modified.conffile..etc.libvirt.nwfilter.no-mac-broadcast.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/no-mac-broadcast.xml']
modified.conffile..etc.libvirt.nwfilter.no-mac-spoofing.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/no-mac-spoofing.xml']
modified.conffile..etc.libvirt.nwfilter.no-other-l2-traffic.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/no-other-l2-traffic.xml']
modified.conffile..etc.libvirt.nwfilter.no-other-rarp-traffic.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/no-other-rarp-traffic.xml']
modified.conffile..etc.libvirt.nwfilter.qemu-announce-self-rarp.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml']
modified.conffile..etc.libvirt.nwfilter.qemu-announce-self.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/nwfilter/qemu-announce-self.xml']
modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu.conf']
modified.conffile..etc.libvirt.qemu.networks.default.xml: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu/networks/default.xml']

Tags:

Related branches

~paelzer/ubuntu/+source/libvirt:merge-6.6.0-groovy

Merged into ~paelzer/ubuntu/+source/libvirt:merge-6.6.0-mergebase at revision 139d00982a7117772220aea95675dfa522fd29da

Rafael David Tinoco (community): Approve on 2020-08-21

Canonical Server: Pending requested 2020-08-19

Christian Ehrhardt : Pending requested 2020-08-19

Diff: 10108 lines (+9168/-74)

46 files modified

debian/changelog (+7070/-25)
debian/control (+16/-16)
debian/libvirt-clients.install (+1/-0)
debian/libvirt-clients.lintian-overrides (+1/-0)
debian/libvirt-daemon-system.dirs (+2/-0)
debian/libvirt-daemon-system.install (+1/-1)
debian/libvirt-daemon-system.postinst (+128/-0)
debian/libvirt-daemon-system.postrm (+26/-1)
debian/libvirt-daemon.README.Debian (+82/-22)
debian/libvirt-daemon.apport (+22/-0)
debian/libvirt-daemon.dnsmasq (+2/-0)
debian/libvirt-daemon.install (+1/-0)
debian/libvirt-uri.sh (+27/-0)
debian/patches/series (+30/-0)
debian/patches/ubuntu-aa/0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch (+30/-0)
debian/patches/ubuntu-aa/0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch (+28/-0)
debian/patches/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch (+37/-0)
debian/patches/ubuntu-aa/0029-appmor-libvirt-qemu-Add-9p-support.patch (+34/-0)
debian/patches/ubuntu-aa/0030-virt-aa-helper-Complete-9p-support.patch (+36/-0)
debian/patches/ubuntu-aa/0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch (+43/-0)
debian/patches/ubuntu-aa/0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch (+34/-0)
debian/patches/ubuntu-aa/0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch (+41/-0)
debian/patches/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch (+33/-0)
debian/patches/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch (+19/-0)
debian/patches/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch (+41/-0)
debian/patches/ubuntu-aa/apparmor-profiles-are-meant-to-allow-adding-permanen.patch (+65/-0)
debian/patches/ubuntu-aa/lp-1815910-allow-vhost-hotplug.patch (+57/-0)
debian/patches/ubuntu-aa/lp-1847361-load-versioned-module.patch (+44/-0)
debian/patches/ubuntu/Allow-libvirt-group-to-access-the-socket.patch (+49/-0)
debian/patches/ubuntu/daemon-augeas-fix-expected.patch (+20/-0)
debian/patches/ubuntu/dnsmasq-as-priv-user (+290/-0)
debian/patches/ubuntu/lp-1861125-ubuntu-models.patch (+21/-0)
debian/patches/ubuntu/ovmf_paths.patch (+60/-0)
debian/patches/ubuntu/parallel-shutdown.patch (+25/-0)
debian/patches/ubuntu/set-default-machine-to-ubuntu.patch (+45/-0)
debian/patches/ubuntu/tools-fix-libvirt-guests.sh-text-assignments.patch (+405/-0)
debian/patches/ubuntu/ubuntu_machine_type.patch (+14/-0)
debian/patches/ubuntu/wait-for-qemu-kvm.patch (+23/-0)
debian/patches/virdevmapper-Don-t-cache-device-mapper-major.patch (+88/-0)
debian/patches/virdevmapper-Handle-kernel-without-device-mapper-support.patch (+76/-0)
debian/patches/virdevmapper-Ignore-all-errors-when-opening-dev-mapper-co.patch (+76/-0)
debian/rules (+14/-4)
debian/tests/control (+2/-1)
debian/tests/smoke-lxc (+2/-2)
debian/tests/smoke-qemu-session (+5/-0)
debian/tests/smoke-qemu-session.xml (+2/-2)

CVE References

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2020-03-30:

Dependencies.txt Edit (7.9 KiB, text/plain; charset="utf-8")
KernLog.txt Edit (2.3 KiB, text/plain; charset="utf-8")
ProcCpuinfoMinimal.txt Edit (1.3 KiB, text/plain; charset="utf-8")
RelatedPackageVersions.txt Edit (174 bytes, text/plain; charset="utf-8")

Revision history for this message

Simon Déziel (sdeziel) wrote on 2020-03-30: Re: [Bug 1869796] [NEW] vague error during upgrade

On 2020-03-30 4:54 p.m., Seth Arnold wrote:
> Sadly 'journactl -xe' was useless. (It only showed a thousand unrelated lines.) A raw journalctl took forever to run long enough to let me see it generated two million lines of output, and started about two years ago, that I'm not keen on trying to run that through less or similar. Advice accepted.

This should let you see today's logs related to $UNIT_NAME:

journalctl -S today -u $UNIT_NAME

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2020-03-31:

Download full text (8.7 KiB)

On Mon, Mar 30, 2020 at 09:09:56PM -0000, Simon Déziel wrote:
> On 2020-03-30 4:54 p.m., Seth Arnold wrote:
> > Sadly 'journactl -xe' was useless. (It only showed a thousand
> > unrelated lines.) A raw journalctl took forever to run long enough to
> > let me see it generated two million lines of output, and started about
> > two years ago, that I'm not keen on trying to run that through less or
> > similar. Advice accepted.
>
> This should let you see today's logs related to $UNIT_NAME:
>
> journalctl -S today -u $UNIT_NAME

Thanks Simon, that's really useful:

On Mon, Mar 30, 2020 at 09:09:56PM -0000, Simon Déziel wrote:
> On 2020-03-30 4:54 p.m., Seth Arnold wrote:
> > Sadly 'journactl -xe' was useless. (It only showed a thousand
> > unrelated lines.) A raw journalctl took forever to run long enough to
> > let me see it generated two million lines of output, and started about
> > two years ago, that I'm not keen on trying to run that through less or
> > similar. Advice accepted.
> 
> This should let you see today's logs related to $UNIT_NAME:
> 
>   journalctl -S today -u $UNIT_NAME

Thanks Simon, that's really useful:

$ journalctl -S yesterday -u libvirt*
-- Logs begin at Mon 2020-02-10 21:23:01 UTC, end at Tue 2020-03-31 01:27:06 UTC. --
Mar 30 17:58:04 millbarge dnsmasq[3054]: reading /etc/resolv.conf
Mar 30 17:58:04 millbarge dnsmasq[3054]: using nameserver 127.0.0.53#53
Mar 30 17:58:04 millbarge dnsmasq[3054]: reading /etc/resolv.conf
Mar 30 17:58:04 millbarge dnsmasq[3054]: using nameserver 127.0.0.53#53
Mar 30 17:58:04 millbarge dnsmasq[3054]: reading /etc/resolv.conf
Mar 30 17:58:04 millbarge dnsmasq[3054]: using nameserver 127.0.0.53#53
Mar 30 17:58:04 millbarge dnsmasq[3054]: reading /etc/resolv.conf
Mar 30 17:58:04 millbarge dnsmasq[3054]: using nameserver 127.0.0.53#53
Mar 30 17:58:04 millbarge dnsmasq[3054]: reading /etc/resolv.conf
Mar 30 17:58:04 millbarge dnsmasq[3054]: using nameserver 127.0.0.53#53
Mar 30 17:58:04 millbarge dnsmasq[3054]: reading /etc/resolv.conf
Mar 30 17:58:04 millbarge dnsmasq[3054]: using nameserver 127.0.0.53#53
Mar 30 17:58:04 millbarge dnsmasq[3054]: reading /etc/resolv.conf
Mar 30 17:58:04 millbarge dnsmasq[3054]: using nameserver 127.0.0.53#53
Mar 30 17:58:04 millbarge dnsmasq[3054]: reading /etc/resolv.conf
Mar 30 17:58:04 millbarge dnsmasq[3054]: using nameserver 127.0.0.53#53
Mar 30 17:58:04 millbarge dnsmasq[3054]: reading /etc/resolv.conf
Mar 30 17:58:04 millbarge dnsmasq[3054]: using nameserver 127.0.0.53#53
Mar 30 17:58:04 millbarge dnsmasq[3054]: reading /etc/resolv.conf
Mar 30 17:58:04 millbarge dnsmasq[3054]: using nameserver 127.0.0.53#53
Mar 30 17:58:04 millbarge dnsmasq[3054]: reading /etc/resolv.conf
Mar 30 17:58:04 millbarge dnsmasq[3054]: using nameserver 127.0.0.53#53
Mar 30 17:58:04 millbarge dnsmasq[3054]: reading /etc/resolv.conf
Mar 30 17:58:04 millbarge dnsmasq[3054]: using nameserver 127.0.0.53#53
Mar 30 17:58:04 millbarge dnsmasq[3054]: reading /etc/resolv.conf
Mar 30 17:58:04 millbarge dnsmasq[3054]: using nameserver 127.0.0.53#53
Mar 30 20:44:31 millbarge dnsmasq[3054]: reading /etc/resolv.conf
Mar 30 20:44:31 millbarge dnsmasq[3054]: using nameserver 127.0.0.53#53
Mar 30 20:44:55 millbarge systemd[1]: libvirtd-ro.socket: Succeeded.
Mar 30 20:44:55 millbarge systemd[1]: Closed Libvirt local read-only socket.
Mar 30 20:44:55 millbarge systemd[1]: Stopping Libvirt local read-only socket.
Mar 30 20:44:55 millbarge systemd[1]: libvirtd-ro.socket: Socket service libvirtd.service already active, refusing.
Mar 30 20:44:55 millbarge systemd[1]: Failed to listen on Libvirt local read-only socket.
Mar 30 20:44:55 millbarge systemd[1]: Stopping Virtualization daemon...
Mar 30 20:44:55 millbarge systemd[1]: libvirtd.service: Succeeded.
Mar 30 20:44:55 millbarge systemd[1]: Stopped Virtualization daemon.
Mar 30 20:44:55 millbarge systemd[1]: libvirtd-admin.socket: Succeeded.
Mar 30 20:44:55 millbarge systemd[1]: Closed Libvirt admin socket.
Mar 30 20:44:55 millbarge systemd[1]: Stopping Libvirt admin socket.
Mar 30 20:44:55 millbarge systemd[1]: libvirtd.socket: Succeeded.
Mar 30 20:44:55 millbarge systemd[1]: Closed Libvirt local socket.
Mar 30 20:44:55 millbarge systemd[1]: Stopping Libvirt local socket.
Mar 30 20:44:55 millbarge systemd[1]: Listening on Libvirt local socket.
Mar 30 20:44:55 millbarge systemd[1]: Listening on Libvirt admin socket.
Mar 30 20:44:55 millbarge systemd[1]: Listening on Libvirt local read-only socket.
Mar 30 20:44:55 millbarge systemd[1]: libvirtd.service: Found left-over process 3054 (dnsmasq) in control group while starting unit. Ignoring.
Mar 30 20:44:55 millbarge systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Mar 30 20:44:55 millbarge systemd[1]: libvirtd.service: Found left-over process 3055 (dnsmasq) in control group while starting unit. Ignoring.
Mar 30 20:44:55 millbarge systemd[1]: This usually indicates unclean termination of a previous run, or service implementation deficiencies.
Mar 30 20:44:55 millbarge systemd[1]: Starting Virtualization daemon...
Mar 30 20:44:55 millbarge systemd[1]: Started Virtualization daemon.
Mar 30 20:44:55 millbarge dnsmasq[3054]: read /etc/hosts - 7 addresses
Mar 30 20:44:55 millbarge dnsmasq[3054]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses
Mar 30 20:44:55 millbarge dnsmasq-dhcp[3054]: read /var/lib/libvirt/dnsmasq/default.hostsfile
Mar 31 00:02:58 millbarge systemd[1]: Stopping Suspend/Resume Running libvirt Guests...
Mar 31 00:02:58 millbarge libvirt-guests.sh[3865897]: Running guests on default URI:
Mar 31 00:02:58 millbarge libvirt-guests.sh[3865910]: Running guests on
Mar 31 00:02:58 millbarge libvirt-guests.sh[3865859]: R
Mar 31 00:02:58 millbarge systemd[1]: libvirt-guests.service: Succeeded.
Mar 31 00:02:58 millbarge systemd[1]: Stopped Suspend/Resume Running libvirt Guests.
Mar 31 00:02:58 millbarge systemd[1]: Stopping Virtualization daemon...
Mar 31 00:02:58 millbarge systemd[1]: libvirtd.service: Succeeded.
Mar 31 00:02:58 millbarge systemd[1]: Stopped Virtualization daemon.
Mar 31 00:03:00 millbarge systemd[1]: libvirtd-admin.socket: Succeeded.
Mar 31 00:03:00 millbarge systemd[1]: Closed Libvirt admin socket.
Mar 31 00:03:00 millbarge systemd[1]: libvirtd-ro.socket: Succeeded.
Mar 31 00:03:00 millbarge systemd[1]: Closed Libvirt local read-only socket.
Mar 31 00:03:00 millbarge systemd[1]: libvirtd.socket: Succeeded.
Mar 31 00:03:00 millbarge systemd[1]: Closed Libvirt local socket.
-- Reboot --
Mar 31 00:04:08 millbarge systemd[1]: Listening on Libvirt local socket.
Mar 31 00:04:08 millbarge systemd[1]: Listening on Libvirt admin socket.
Mar 31 00:04:08 millbarge systemd[1]: Listening on Libvirt local read-only socket.
Mar 31 00:04:12 millbarge systemd[1]: Starting Virtualization daemon...
Mar 31 00:04:12 millbarge systemd[1]: Started Virtualization daemon.
Mar 31 00:04:12 millbarge systemd[1]: Starting Suspend/Resume Running libvirt Guests...
Mar 31 00:04:12 millbarge systemd[1]: Finished Suspend/Resume Running libvirt Guests.
Mar 31 00:04:13 millbarge dnsmasq[3011]: started, version 2.80 cachesize 150
Mar 31 00:04:13 millbarge dnsmasq[3011]: compile time options: IPv6 GNU-getopt DBus i18n IDN DHCP DHCPv6 no-Lua TFTP conntrack ipset auth DNSSEC loop-detect inotify dumpfile
Mar 31 00:04:13 millbarge dnsmasq-dhcp[3011]: DHCP, IP range 192.168.122.2 -- 192.168.122.254, lease time 1h
Mar 31 00:04:13 millbarge dnsmasq-dhcp[3011]: DHCP, sockets bound exclusively to interface virbr0
Mar 31 00:04:13 millbarge dnsmasq[3011]: reading /etc/resolv.conf
Mar 31 00:04:13 millbarge dnsmasq[3011]: using nameserver 127.0.0.53#53
Mar 31 00:04:13 millbarge dnsmasq[3011]: read /etc/hosts - 7 addresses
Mar 31 00:04:13 millbarge dnsmasq[3011]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses
Mar 31 00:04:13 millbarge dnsmasq-dhcp[3011]: read /var/lib/libvirt/dnsmasq/default.hostsfile
Mar 31 00:27:57 millbarge dnsmasq[3011]: reading /etc/resolv.conf
Mar 31 00:27:57 millbarge dnsmasq[3011]: using nameserver 127.0.0.53#53
Mar 31 00:27:57 millbarge dnsmasq[3011]: reading /etc/resolv.conf
Mar 31 00:27:57 millbarge dnsmasq[3011]: using nameserver 127.0.0.53#53
Mar 31 00:27:57 millbarge dnsmasq[3011]: reading /etc/resolv.conf
Mar 31 00:27:57 millbarge dnsmasq[3011]: using nameserver 127.0.0.53#53
Mar 31 00:27:57 millbarge dnsmasq[3011]: reading /etc/resolv.conf
Mar 31 00:27:57 millbarge dnsmasq[3011]: using nameserver 127.0.0.53#53
Mar 31 00:27:57 millbarge dnsmasq[3011]: reading /etc/resolv.conf
Mar 31 00:27:57 millbarge dnsmasq[3011]: using nameserver 127.0.0.53#53
Mar 31 00:27:57 millbarge dnsmasq[3011]: reading /etc/resolv.conf
Mar 31 00:27:57 millbarge dnsmasq[3011]: using nameserver 127.0.0.53#53
Mar 31 00:27:57 millbarge dnsmasq[3011]: reading /etc/resolv.conf
Mar 31 00:27:57 millbarge dnsmasq[3011]: using nameserver 127.0.0.53#53
Mar 31 00:27:57 millbarge dnsmasq[3011]: reading /etc/resolv.conf
Mar 31 00:27:57 millbarge dnsmasq[3011]: using nameserver 127.0.0.53#53
Mar 31 00:27:57 millbarge dnsmasq[3011]: reading /etc/resolv.conf
Mar 31 00:27:57 millbarge dnsmasq[3011]: using nameserver 127.0.0.53#53
Mar 31 00:27:57 millbarge dnsmasq[3011]: reading /etc/resolv.conf
Mar 31 00:27:57 millbarge dnsmasq[3011]: using nameserver 127.0.0.53#53
Mar 31 00:27:57 millbarge dnsmasq[3011]: reading /etc/resolv.conf
Mar 31 00:27:57 millbarge dnsmasq[3011]: using nameserver 127.0.0.53#53

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2020-03-31:

In your logs I've found the following two interesting pieces:

Mar 30 20:44:55 millbarge systemd[1]: libvirtd.service: Found left-over process 3054 (dnsmasq) in control group while starting unit. Ignoring.
=> That is ok, some things are expected to live over to the new restarted service

Mar 30 20:44:55 millbarge systemd[1]: libvirtd-ro.socket: Succeeded.
Mar 30 20:44:55 millbarge systemd[1]: Closed Libvirt local read-only socket.
Mar 30 20:44:55 millbarge systemd[1]: Stopping Libvirt local read-only socket.
Mar 30 20:44:55 millbarge systemd[1]: libvirtd-ro.socket: Socket service libvirtd.service already active, refusing.

That might be related to your issue, but I'm not entirely sure.

Unless you restarted plenty of services already could you run the following pelase:
$ systemctl status $(for f in $(dpkg -L libvirt-daemon-system | grep systemd | grep -e socket -e service); do basename $f; done | xargs)

I can then compare that with new-installs and upgrades that I can retry.

Also was your upgrade from
- former focal version
- from eoan
- from bionic
?

Changed in libvirt (Ubuntu):
status:	New → Incomplete

Revision history for this message

Seth Arnold (seth-arnold) wrote on 2020-03-31: Re: [Bug 1869796] Re: vague error during upgrade

On Tue, Mar 31, 2020 at 02:15:11PM -0000, Christian Ehrhardt  wrote:
> Mar 30 20:44:55 millbarge systemd[1]: libvirtd.service: Found left-over process 3054 (dnsmasq) in control group while starting unit. Ignoring.
> => That is ok, some things are expected to live over to the new restarted service

Nice to know.

> Mar 30 20:44:55 millbarge systemd[1]: libvirtd-ro.socket: Succeeded.
> Mar 30 20:44:55 millbarge systemd[1]: Closed Libvirt local read-only socket.
> Mar 30 20:44:55 millbarge systemd[1]: Stopping Libvirt local read-only socket.
> Mar 30 20:44:55 millbarge systemd[1]: libvirtd-ro.socket: Socket service libvirtd.service already active, refusing.
>
> That might be related to your issue, but I'm not entirely sure.

I'd also hope this is just a warning, but.. you never know.

>
> Unless you restarted plenty of services already could you run the following pelase:
> $ systemctl status $(for f in $(dpkg -L libvirt-daemon-system | grep systemd | grep -e socket -e service); do basename $f; done | xargs)
>
> I can then compare that with new-installs and upgrades that I can retry.

Unfortunately I've rebooted several times since then. Very handy little
one-liner for getting "package" status, thanks.

> Also was your upgrade from
> - former focal version

My update was from a former focal version.

Thanks

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2020-04-01:

Thanks Seth,
then there isn't much more left than retrying this a few times on focal and see if I can reproduce.
Otherwise it will be incomplete until we have a better view on this :-/

Since we didn't change anything on the services in the last upload we can use the following for the same upgrade path:
$ apt install --reinstall libvirt-daemon-system

And indeed with that I was able to recreate it:
root@f2:~# apt install --reinstall libvirt-daemon-system
Reading package lists... Done
Building dependency tree
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 7 not upgraded.
Need to get 67.5 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu focal/main amd64 libvirt-daemon-system amd64 6.0.0-0ubuntu6 [67.5 kB]
Fetched 67.5 kB in 0s (440 kB/s)
Preconfiguring packages ...
(Reading database ... 46975 files and directories currently installed.)
Preparing to unpack .../libvirt-daemon-system_6.0.0-0ubuntu6_amd64.deb ...
Unpacking libvirt-daemon-system (6.0.0-0ubuntu6) over (6.0.0-0ubuntu6) ...
Setting up libvirt-daemon-system (6.0.0-0ubuntu6) ...
Job failed. See "journalctl -xe" for details.
virtlockd.service is a disabled or a static unit, not starting it.
virtlogd.service is a disabled or a static unit, not starting it.
Setting up libvirt-daemon dnsmasq configuration.
root@f2:~# echo $?
0

So no bad RC, just warning - but which and why exactly is the question.

Changed in libvirt (Ubuntu):
status:	Incomplete → Confirmed

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2020-04-01:

The status of all services prior and post the upgrade is the same.
Since nothing changed it is repeatable \o/.

Maybe I can step by step go through *inst maint scripts and see which one is triggering that.

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2020-04-01:

The one thing in the logs (which we have identified before) that is suspicious is:
Apr 01 07:37:26 f2 systemd[1]: libvirtd-ro.socket: Succeeded.
Apr 01 07:37:26 f2 systemd[1]: Closed Libvirt local read-only socket.
Apr 01 07:37:26 f2 systemd[1]: Stopping Libvirt local read-only socket.
Apr 01 07:37:26 f2 systemd[1]: libvirtd-ro.socket: Socket service libvirtd.service already active, refusing.
Apr 01 07:37:26 f2 systemd[1]: Failed to listen on Libvirt local read-only socket.

But it is up and even started at the right time:

root@f2:~# systemctl status libvirtd-ro.socket
● libvirtd-ro.socket - Libvirt local read-only socket
     Loaded: loaded (/lib/systemd/system/libvirtd-ro.socket; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2020-04-01 07:37:26 UTC; 2min 31s ago
   Triggers: ● libvirtd.service
     Listen: /run/libvirt/libvirt-sock-ro (Stream)
     CGroup: /system.slice/libvirtd-ro.socket
Apr 01 07:37:26 f2 systemd[1]: Listening on Libvirt local read-only socket.

It might start it twice and only one fails?
With re-installs on 7:35 and 7:37 the log looks like that:

Mar 31 14:11:06 f2 systemd[1]: Listening on Libvirt local read-only socket.
Apr 01 07:35:19 f2 systemd[1]: Closed Libvirt local read-only socket.
Apr 01 07:35:19 f2 systemd[1]: Stopping Libvirt local read-only socket.
Apr 01 07:35:19 f2 systemd[1]: Failed to listen on Libvirt local read-only socket.
Apr 01 07:35:19 f2 systemd[1]: Listening on Libvirt local read-only socket.
Apr 01 07:37:26 f2 systemd[1]: Closed Libvirt local read-only socket.
Apr 01 07:37:26 f2 systemd[1]: Stopping Libvirt local read-only socket.
Apr 01 07:37:26 f2 systemd[1]: Failed to listen on Libvirt local read-only socket.
Apr 01 07:37:26 f2 systemd[1]: Listening on Libvirt local read-only socket

Each time we see it first fail and then succeed.
I need to check where exactly the two calls come from and if we can remove the former one.

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2020-04-01:

  # unpack
  $ apt download libvirt-daemon-system
  $ dpkg-deb -x libvirt-daemon-system_6.0.0-0ubuntu6_amd64.deb libvirt-daemon-system
  $ dpkg-deb -e libvirt-daemon-system_6.0.0-0ubuntu6_amd64.deb libvirt-daemon-system/DEBIAN
  $ mv libvirt-daemon-system_6.0.0-0ubuntu6_amd64.deb libvirt-daemon-system_6.0.0-0ubuntu6_amd64.deb.orig
  # modify
  vim libvirt-daemon-system/DEBIAN/p*
  # repack
  $ dpkg-deb -b libvirt-daemon-system libvirt-daemon-system_6.0.0-0ubuntu6_amd64.deb

First the fail:
+ _dh_action=restart
+ deb-systemd-invoke restart libvirtd-ro.socket libvirtd.service libvirtd.socket virtlockd.socket virtlogd.socket
Job failed. See "journalctl -xe" for details.

and later the workign start:
+ systemctl --system daemon-reload
+ deb-systemd-invoke start libvirt-guests.service libvirtd-admin.socket libvirtd-ro.socket libvirtd.socket virtlockd-admin.socket virtlockd.service virtlockd.socket virtlogd-admin.socket virtlogd.service virtlogd.socket

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2020-04-01:

#10

There are two sections in the postinst both added by dh_installsystemd/12.9ubuntu1

1. restart on upgrade, start otherwise
if [ -n "$2" ]; then
_dh_action=restart
else
_dh_action=start
fi
deb-systemd-invoke $_dh_action 'libvirtd-ro.socket' 'libvirtd.service' 'libvirtd.socket' 'virtlockd.socket' 'virtlogd.socket' >/dev/null || true

2. unconditional start
deb-systemd-invoke start 'libvirt-guests.service' 'libvirtd-admin.socket' 'libvirtd-ro.socket' 'libvirtd.socket' 'virtlockd-admin.socket' 'virtlockd.service' 'virtlockd.socket' 'virtlogd-admin.socket' 'virtlogd.service' 'virtlogd.socket' >/dev/null || true

We have two calls to dh_installsystemd indeed in r/rules:
255 »···dh_installsystemd -p libvirt-daemon-system --restart-after-upgrade libvirtd.service
256 »···dh_installsystemd -p libvirt-daemon-system --no-stop-on-upgrade --no-restart-after-upgrade $(LIBVIRT_SYSTEM_SERVICES)

Of these line 256 is all the auxiliary services with no-stop.
It matches the unconditional start we see in #2 due to "--no-stop-on-upgrade --no-restart-after-upgrade"

On line 255 we have the actual service restart.
It seems that the rule for libvirtd.service is pulling in a bunch of .socket files without us calling for it (maybe all dependent ones). Yep it matches:
root@f2:~# grep Also /lib/systemd/system/libvirtd.service
Also=virtlockd.socket
Also=virtlogd.socket
Also=libvirtd.socket
Also=libvirtd-ro.socket

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2020-04-01:

#11

So we start&restart plenty of sockets (not just libvirtd-ro.socket), and all others are happy.
So what is wrong/special with libvirtd-ro.socket?

Comparing the normal with the -ro socket:

one can be started without error:
root@f2:~# deb-systemd-invoke start libvirtd.socket
root@f2:~# deb-systemd-invoke start libvirtd.socket
root@f2:~# deb-systemd-invoke start libvirtd.socket

But the other one fails on the same:
root@f2:~# deb-systemd-invoke start libvirtd-ro.socket
Job failed. See "journalctl -xe" for details.
root@f2:~# deb-systemd-invoke start libvirtd-ro.socket
Job failed. See "journalctl -xe" for details.
root@f2:~# deb-systemd-invoke start libvirtd-ro.socket
Job failed. See "journalctl -xe" for details.

But with a restart I could break the formerly working one:
root@f2:~# deb-systemd-invoke restart libvirtd.socket
Job failed. See "journalctl -xe" for details.

And from that moment on:
root@f2:~# deb-systemd-invoke start libvirtd.socket
Job failed. See "journalctl -xe" for details.

So it seems as soon as we do "restart" we can no more "start".
That is reasonable, the socket is up then the service is up.
And a "start" just makes it "no-op as it is there" but the restart stops it.

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2020-04-01:

#12

The two most similar working/failing sockets have no diff that IMHO would explain the behavior:
root@f2:~# diff -Naur /lib/systemd/system/libvirtd.socket /lib/systemd/system/libvirtd-ro.socket
--- /lib/systemd/system/libvirtd.socket 2020-03-20 09:34:19.000000000 +0000
+++ /lib/systemd/system/libvirtd-ro.socket 2020-03-20 09:34:19.000000000 +0000
@@ -1,12 +1,14 @@
[Unit]
-Description=Libvirt local socket
+Description=Libvirt local read-only socket
Before=libvirtd.service
+BindsTo=libvirtd.socket
+After=libvirtd.socket

[Socket]
# The directory must match the /etc/libvirt/libvirtd.conf unix_sock_dir setting
# when using systemd version < 227
-ListenStream=/run/libvirt/libvirt-sock
+ListenStream=/run/libvirt/libvirt-sock-ro
Service=libvirtd.service
SocketMode=0666

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2020-04-01:

#13

Turns out this is an ordering issue:

This makes it break:
$ deb-systemd-invoke restart 'libvirtd-ro.socket' 'libvirtd.service' 'libvirtd.socket' 'virtlockd.socket' 'virtlogd.socket'
Job failed. See "journalctl -xe" for details.

But this order would works:
$ deb-systemd-invoke restart 'libvirtd.service' 'libvirtd-ro.socket' 'libvirtd.socket' 'virtlockd.socket' 'virtlogd.socket

Ee didn't add/create this order - it is what dh_installsystemd made out of:
dh_installsystemd -p libvirt-daemon-system --restart-after-upgrade libvirtd.service
due to:
root@f2:~# grep Also /lib/systemd/system/libvirtd.service
Also=virtlockd.socket
Also=virtlogd.socket
Also=libvirtd.socket
Also=libvirtd-ro.socket

That is just lexical order:
# printf "virtlockd.socket\nvirtlogd.socket\nlibvirtd.socket\nlibvirtd-ro.socket\nlibvirtd.service" | sort
libvirtd-ro.socket
libvirtd.service
libvirtd.socket
virtlockd.socket
virtlogd.socket

IMHO deb-systemd-invoke as generated by dh_installsystemd has a few options:
- should always start with the service it was called?
- should not pull in "ALSO" sockets (I guess it was intentional thou)
- dh-installsystemd could add an option to influence that as needed per-package.

Gladly for libvirt this is only a warning and not breaking any behavior (as the later start recovers it). But I'll add a debhelper task for this case.

Note: as I expected this issue affects Debians libvirt-daemon-system and debhlper just as much.

Changed in libvirt (Ubuntu):
importance:	Undecided → Low

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2020-04-01:

#14

Reported to Debian for discussion there (linked the task above).

Bug Watch Updater (bug-watch-updater) on 2020-04-01

Changed in debhelper (Debian):
status:	Unknown → New

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2020-04-01:

#15

If you follow the Debian discussion it seems this tends to go the "please fix in systemd" way.
Therefore I'm adding a systemd task

Bug Watch Updater (bug-watch-updater) on 2020-04-02

Changed in debhelper (Debian):
status:	New → Incomplete

Revision history for this message

Balint Reczey (rbalint) wrote on 2020-04-03:

#16

@paelzer I've left a comment in the Debian bug, too, and I agree that the best fix would be in systemd, while I think for Focal a workaround will be needed (maybe the one I proposed there, maybe one in libvirt).

Changed in systemd (Ubuntu):
status:	New → Incomplete
status:	Incomplete → Confirmed
importance:	Undecided → Wishlist

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2020-04-15:

#17

This will be fixed on the next merge, in the debhelper discussion we settled on --no-also which is a hidden dh_systemd option.

OTOH the undocumented option even exists in Bionic, so for quite a while.
Maybe we should just add it to focal which would stop printing that warning and maybe solve more critical issues that we just haven't spotted yet.

Christian Ehrhardt  (paelzer) on 2020-04-15

Changed in libvirt (Ubuntu):
assignee:	nobody → Christian Ehrhardt  (paelzer)

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2020-04-16:

#18

I have tried to get this into 20.04 but it really does not behave the way it should.
- sockets are still restarted (more than ever)
- libvirt-guest is restarted (killing guests on upgrades)
...

This needs some more time and isn't feasible for a late minute change in 20.04.
I'm considering it as if it would be an SRU already, and for that the potential (and known) breakage clearly kills the little gain of that warning message being removed.

I'll make this part of the early (as it will need time and many tests to do it right) 20.10 virt stack tasks.

Revision history for this message

Christian Ehrhardt  (paelzer) wrote on 2020-08-07:

#19

The new code now handles sockets and services differently from libvirt packaging.
There might also have been changes to the various debhelpers, but the TL;DR is that I no more see this issue with libvirt 6.6.

I'll mark the bug as closed with that, but please report back if you happen to find a combination that triggers it again.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2020-08-29:

#20

Download full text (18.5 KiB)

This bug was fixed in the package libvirt - 6.6.0-1ubuntu2

---------------
libvirt (6.6.0-1ubuntu2) groovy; urgency=medium

  * d/p/u/lp-1892826-Revert-m4-virt-xdr-rewrite-XDR-check.patch: avoid clashes
    between libtripc and glibc that break libvirt-lxc (LP: #1892826)
  * d/p/ubuntu-aa/lp-1892736-apparmor-allow-libvirtd-to-call-virtiofsd.patch:
    allow libvirt to control virtiofsd (LP: #1892736)

libvirt (6.6.0-1ubuntu1) groovy; urgency=medium

This bug was fixed in the package libvirt - 6.6.0-1ubuntu2

---------------
libvirt (6.6.0-1ubuntu2) groovy; urgency=medium

libvirt (6.6.0-1ubuntu1) groovy; urgency=medium

* Merge with Debian 6.6.0-1 from experimental
    Among many other new features and fixes this includes fixes for:
    (LP: #1874647) - Stale libvirt cache leads to VM startup failures
    (LP: #1869796) - bad ordering and dependent restarts of services/sockets
    Remaining changes:
    - d/p/ubuntu-aa/lp-1847361-load-versioned-module.patch: allow loading
      versioned modules after qemu package upgrades (LP 1847361)
    - libvirt-uri.sh: Automatically switch default libvirt URI for users
      via user profile (xen URI on dom0, qemu:///system otherwise)
    - Disable libssh2 support (universe dependency)
    - Disable firewalld support (universe dependency)
    - Set qemu-group to kvm (for compat with older ubuntu)
    - Additional apport package-hook
    - Autostart default bridged network (As upstream does, but not Debian).
      In addition to just enabling it our solution provides:
      + do not autostart if subnet is already taken (e.g. in guests).
      + iterate some alternative subnets before giving up
    - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch: This is
      the group based access to libvirt functions as it was used in Ubuntu
      for quite long.
      + d/p/ubuntu/daemon-augeas-fix-expected.patch fix some related tests
        due to the group access change.
      + d/libvirt-daemon-system.postinst: add users in sudo to the libvirt
        group.
    - ubuntu/parallel-shutdown.patch: set parallel shutdown by default.
    - Update README.Debian with Ubuntu changes
    - d/p/ubuntu/ubuntu_machine_type.patch: accept ubuntu types as pci440fx
    - fix autopkgtests
      + d/t/control, d/t/smoke-qemu-session: fixup smoke-qemu-session by making
        vmlinuz available and accessible (Debian bug 848314)
      + d/t/control: fix smoke-qemu-session by ensuring the service will run
        installing libvirt-daemon-system
      + d/t/smoke-lxc: fix smoke-lxc by ignoring potential issues on destroy as
        long as the following undefine succeeds
      + d/t/smoke-lxc: use systemd instead of sysV to restart the service
    - dnsmasq related enhancements
      + run dnsmasq as libvirt-dnsmasq (LP: 1743718)
      + d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
      + d/libvirt-daemon-system.postrm: remove libvirt-dnsmasq user and group
        on purge
      + d/p/ubuntu/dnsmasq-as-priv-user: write dnsmasq config with user
        libvirt-dnsmasq and adapt the self tests to expect that config
      + d/libvirt-daemon-system.postinst: fix old libvirt-dnsmasq users group
      + Add dnsmasq configuration to work with system wide dnsmasq-base
    - debian/rules: disable the netcf backend. (LP: 1764314)
    - debian/patches/ubuntu/ovmf_paths.patch: adjust paths to secboot.fd UEFI
      Secure Boot enabled variants of the OVMF firmware and variable store for
      the paths where we ship these files in Ubuntu.
    - d/p/ubuntu/set-default-machine-to-ubuntu.patch: to select default
      machine type correctly with newer qemu/libvirt
    - d/control: add libzfslinux-dev to build-deps
    - d/control: drop libvirt-lxc, vbox and xen drivers to suggest
    - d/p/ubuntu/lp-1861125-ubuntu-models: recognize Ubuntu models for
      (LP 1861125) fixups
    - Apparmor Delta that is Ubuntu specific or yet to be upstreamed
      split into logical pieces. File names in debian/patches/ubuntu-aa/:
      + 0003-apparmor-libvirt-qemu-Allow-read-access-to-overcommi.patch:
        apparmor, libvirt-qemu: Allow read access to overcommit_memory
      + 0007-apparmor-libvirt-qemu-Allow-owner-read-access-to-PRO.patch:
        apparmor, libvirt-qemu: Allow owner read access to @{PROC}/*/auxv
      + 0020-virt-aa-helper-ubuntu-storage-paths.patch:
        apparmor, virt-aa-helper: Allow various storage pools and image
        locations
      + 0029-appmor-libvirt-qemu-Add-9p-support.patch: appmor,
        libvirt-qemu: Add 9p support
      + 0030-virt-aa-helper-Complete-9p-support.patch: virt-aa-helper:
        add l to 9p file options.
      + 0031-virt-aa-helper-Ask-for-no-deny-rule-for-readonly-dis.patch:
        virt-aa-helper: Ask for no deny rule for readonly disk (renamed and
        reworded, was virt-aa-helper-no-explicity-deny-for-basefiles.patch)
      + 0032-apparmor-libvirt-qemu-Allow-reading-charm-specific-c.patch:
        apparmor, libvirt-qemu: Allow reading charm-specific ceph config
      + 0033-UBUNTU-only-apparmor-for-kvm.powerpc-LP-1680384.patch: allow
        commands executed by ubuntu only kvm wrapper on ppc64el
        (LP 1686621 LP 1680384 LP 1784023)
      + 0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch:
        apparmor, virt-aa-helper: access for snapped nova
      + 0050-local-include-for-libvirt-qemu.patch,
        d/libvirt-daemon-system.postinst: provide a local apparmor include
        for abstraction/libvirt-qemu (LP: 1786019)
      + lp-1815910-allow-vhost-net.patch: avoid apparmor issues
        with vhost-net/vhost-vsock/vhost-scsi hotplug (LP: 1815910)
  * Dropped changes (in Debian now):
    - Enable some additional features on ppc64el and s390x (for arch parity)
      + systemtap, zfs, numa and numad on s390x.
      + systemtap on ppc64el.
    - enable attr support to store XATTR labels. Among other things
      this allows to properly restore file ownership (LP 691590)
        - d/control: build depend to libattr1-dev
        - d/rules: configure --with-attr
    - Install virt-login-shell-helper
    - Install augeas lenses for all drivers
    - Remove all mentions of Devhelp
    - not-installed: Remove obsolete entries
    - not-installed: List all split daemons files
    - d/control: bump build dep to python3
    - d/control: add python3-docutils as build dependency
    - d/rules: set enable-dependency-tracking to avoid FTBFS
    - d/rules: drop the no more existing phyp option
    - d/rules: drop the no more existing xen configure option
    - minimize patches generated by autoreconf
    - fix build on Debian/Ubuntu in qemuhotplugtest
    - d/libvirt-doc.doc: install rendered docs
    - d/libvirt-daemon-system.examples: drop old examples that are now active
    - d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file placement
    - d/libvirt-daemon-system-sysv.lintian-overrides: not shipiing systemd files
    - d/libnss-libvirt.lintian-overrides: accept having two nss so files
    - d/rules: don't ship split daemons just yet
    - d/rules: install /etc/default/* files that are shared between sysv and
      systemd packages
    - d/rules: add libvirt-guests.default to libvirt-daemon-system instead of
      libvirt-daemon-system-sysv
    - d/rules: install virtlockd correctly with defaults file (LP: 1729516)
    - d/rules: also check build time self test results on all architectures
    - d/rules: add --no-restart-after-upgrade to services that are supposed to
      stay up through upgrades - this also applies to related sockets.
  * Dropped changes (part of upstream now):
    - d/p/ubuntu/lp-1879325-*: avoid issues with apparmor metadata labeling
      (LP 1879325)
    - d/p/ubuntu-aa/lp-1871354*: fix apparmor denials on libpmem init
      (LP 1871354)
    - d/p/ubuntu/CVE-CVE-2020-10701-api-disallow-virDomainAgentSetResponseTimeout
      -on-rea.patch: avoid DOS through read only connections
      CVE-2020-10701
    - d/p/ubuntu/lp-1867460-*: fix domcapabilities before capabilities
      and binary autodetection in general (LP 1867460)
    - d/p/stable/lp-1868539-*: stabilize libvirt by backporting upstream
      fixes (LP 1868539)
    - d/p/ubuntu/lp-1853200*: add cpu models without hle/rtm features to have
      modern types on kernels with recent security fixes (LP 1853200)
    - d/p/ubuntu/lp-1868528-*: Fail when fetching CPU Status for invalid CPU
      (LP 1868528)
    - d/p/ubuntu/lp-1865425-*: avoid killing the monitor job in
      qemuDomainSetTimeAgent (LP 1865425)
    - d/p/ubuntu-aa/virt-aa-helper-Add-support-for-smartcard-host-certif.patch:
      allow emulation of smartcard via host certificates
    - d/p/ubuntu/lp-1861125-*: fix non host-model migrations from old machine
      types (LP 1861125)
    - d/p/ubuntu-aa/apparmor-allow-to-call-vhost-user-gpu.patch: do not apparmor
      block vhost-user-gpu usage
    - d/p/ubuntu/lp-1655111*: fix qemu_bridge_helper to work with named
      profiles (LP 1655111)
  * Dropped changes (no more needed):
    - d/control: make libvirt-daemon-driver-storage-rbd a recommend instead of
      just a suggest. This was deprecated since bionic and now will be dropped.
    - Update Vcs-Git and Vcs-Browser fields to point to launchpad
    - d/control: VCS links to use generic Ubuntu launchpad git URLs
    - refreshed patches for libvirt v6.0.0
    - d/libvirt-daemon-system.postrm: change order of libvirt-qemu removal to
      avoid error messages on purge [deluser/delgroup no more report warnings]
    - "Additional apport package-hook": due to context auto updates
      d/libvirt-daemon.install had bad entries which are no more required.
    - d/control, d/rules: Disable rbd and zfs on riscv64 where they are
      unavailable (LP 1872952)
  * Added Changes:
    - d/control: breaks replaces for augeas lenses move in 6.0.0-1
      (follows Debian, droppable >22.04)
    - refresh ubuntu patches for 6.6
      - d/p/ubuntu-aa/0050-local-include-for-libvirt-qemu.patch
      - d/p/ubuntu-aa/0034-apparmor-virt-aa-helper-access-for-snapped-nova.patch
      - d/p/ubuntu-aa/0020-virt-aa-helper-ubuntu-storage-paths.patch
      - d/p/ubuntu/dnsmasq-as-priv-user
      - d/p/ubuntu/Allow-libvirt-group-to-access-the-socket.patch
      - d/p/ubuntu/daemon-augeas-fix-expected.patch
    - d/libvirt-daemon-system.postinst: fix bashism in dnsmasq related
      enhancements
    - d/p/ubuntu/wait-for-qemu-kvm.patch - avoid hangs on startup (LP: #1887592)
    - d/libvirt-clients.lintian-overrides: profile scripts are non executable
    - d/p/ubuntu-aa/apparmor-allow-unmounting-.dev-entries.patch: avoid
      triggering denials in devmapper error path
    - d/p/ubuntu-aa/pparmor-profiles-are-meant-to-allow-adding-permanen.patch:
      (again) allow permanent per guest overrides (LP: #1745114)
    - d/control: drop mdevctl to a suggest until (LP 1889248) is ready

libvirt (6.6.0-1) unstable; urgency=medium

* Team upload

[ Andrea Bolognani ]
  * [ecdcc72] New upstream version 6.6.0
    Includes fix for CVE-2020-14339 (Closes: #966563)
  * [751e146] upstream: Add key for Jiří Denemark
  * [ab2a1b4] control: Add Build-Depends on libtirpc-dev
  * [8714f7d] control: Drop Build-Depends on libncurses5-dev.
  * [1137e33] patches: Assign topic to all patches.
  * [51e52ab] patches: Reorder patches.

[ Christian Ehrhardt ]
  * [ceab403] d/control, d/rules: feature architecture parity.
    Enable systemtap, numa and numad on more architectures.
  * [dd2d1a9] Drop d/p/apparmor-Allow-[....]-name-service-.patch.
    Doesn't seem to be necessary anymore.
  * [d31eba5] fix device mapper issues.
    Add the following backports:
    - virdevmapper-Don-t-cache-device-mapper-major.patch
    - virdevmapper-Ignore-all-errors-when-opening-dev-mapper-co.patch
    - virdevmapper-Handle-kernel-without-device-mapper-support.patch
  * [3145e31] tools: fix libvirt-guests.sh text assignments
    Add the following backports:
    - tools-fix-libvirt-guests.sh-text-assignments.patch

libvirt (6.5.0-1) unstable; urgency=medium

* Team upload

* [38c0fa7] New upstream version 6.5.0
  * [b8a07b4] control: Add Recommends for mdevctl

libvirt (6.4.0-2) unstable; urgency=medium

[ Christian Ehrhardt ]
  * [d0f7eb5] enable attr support to be able to store XATTR labels.
    Among other things this allows to properly restore file ownership
    - d/control: build depend on libattr1-dev
    - d/rules: configure --with-attr
    Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/691590

[ Andrea Bolognani ]
  * Use consistent layout in packaging files

libvirt (6.4.0-1) experimental; urgency=medium

* Team upload

* [1662a90] New upstream version 6.4.0
    Includes a fix for CVE-2020-14301 (Closes: #963474)
  * [ad19936] patches: Drop tests-Mock-[...]-for-qemuhotplug.patch
  * [bfc4f8b] rules: Install upstream release notes
  * [995991b] control: Set Rules-Requires-Root: no
  * [dd75022] control: Bump Standards-Version to 4.5.0
  * [fa6aefb] rules: Enable 'bindnow' hardening option

libvirt (6.2.0-1) experimental; urgency=medium

* Team upload

[ Guido Günther ]
  * Upload to experimental
  * [1b6982f] New upstream version 6.2.0
    Contains fix for CVE-2020-10701. (Closes: #955841)
      Thanks to Carnil for the triage
    Contains fix for CVE-2020-12430. (Closes: #959447)

[ Andrea Bolognani ]
  * [ba77756] patches: Drop all gnulib-related patches
    Specifically:
      openpty-Skip-test-if-no-pty-is-available.patch
      Disable-gnulib-s-test-nonplocking-pipe.sh.patch
      test-posix_openpt-don-t-fail-on-EACCESS.patch
  * [2e0b5f1] patches: Add tests-Mock-[...]-for-qemuhotplug.patch
    Replaces:
      skip-qemuhotplugtest.patch
  * [7c1e182] debhelper: Use debhelper-compat package

libvirt (6.0.0-7) unstable; urgency=medium

[ Laurent Bigonville ]
  * [4e6f909] Disable polkit support on !linux, see: #927896
  * [3ee1c87] Do not build-depends against libglusterfs-dev on non-linux
    architectures

[ Guido Günther ]
  * [41c33eb] Rediff patches
  * [da804f9] Backport fix for CVE-2020-10701.
    Thanks to Carnil for the triage (Closes: #955841)
  * [a5dd08c] d/rules: systemd: Also pass --no-restart-on-upgrade when using
    --no-start.

[ Andrea Bolognani ]
  * [0c6a3a0] salsa-ci: Create local pristine-tar branch.

libvirt (6.0.0-6) unstable; urgency=medium

[ Laurent Bigonville ]
  * [ea7b8b7] autopkgtest exits with 2 when there are skipped tests do not
    consider that as fatal

[ Guido Günther ]
  * [100e8aa] Don't start or restart socket units on package upgrades.
    Changes get picked up when the corresponding system unit is being restarted.
    This avoids problems when socket and service units of the same service get
    restarted together. See #955483 for details.
  * [ff981d5] Pass --no-auto to dh_instalsystemd.
    This avoids generation of restart snippets for services listed in `Also=`
    sections of the service units. Otherwise these get restarted but we want
    to avoid that and let systemd figure it out all by itself.
    See: #955483, #841095

libvirt (6.0.0-5) unstable; urgency=medium

[ Guido Günther ]
  * [421e865] systemd: Don't restart libvirt-guests on upgrade
    (Closes: #955216)

[ Laurent Bigonville ]
  * [5f72035] Only run qemu test on amd64
    (Closes: #955278)

libvirt (6.0.0-4) unstable; urgency=medium

* [d7df842] sysv: Don't restart libvirt-guests on upgrade
    (Closes: #954921)

libvirt (6.0.0-3) unstable; urgency=medium

* [de68a4b] Bump Breaks/conflicts.
    While there were conflicts/breaks for the driver split we moved
    the augeas lenses in 6.0.0-1. (Closes: #954032, #953894)

libvirt (6.0.0-2) unstable; urgency=medium

* Upload to unstable

libvirt (6.0.0-1) experimental; urgency=medium

[ Guido Günther ]
  * [33890b9] New upstream version 6.0.0
    (Closes: #939552)
  * [c9f82be] gitlab-ci: Run autopkgtests

[ Christian Ehrhardt ]
  * [fa167bc] d/libnss-libvirt.lintian-overrides: accept having two nss so
    files
  * [bf48357] d/libvirt-daemon-system-sysv.lintian-overrides: not shipping
    systemd files.  Packages are split intentionally, ignore this lintian
    warning.
  * [2278598] d/rules: also check build time self test results on all
    architectures
  * [c1be36a] d/rules: drop doc binary cleanup.
  * [6d60c3c] d/rules: don't ship split daemons just yet
  * [33f8dc4] d/p/skip-qemuhotplugtest.patch: fix qemuhotplugtest.
    Skip some elements of qemuhotplugtest that for now break in
    Debian/Ubuntu build environments.
  * [a1734f7] d/rules: add libvirt-guests.default to libvirt-daemon-system
    instead of libvirt-daemon-system-sysv
  * [69f6cfe] d/rules: install /etc/default/* files that are shared between
    sysv and systemd packages
  * [31be682] d/rules: install virtlockd for sysv
    (Closes: #880970)

[ Andrea Bolognani ]
  * [070d158] Install virt-login-shell-helper.
    This new binary was introduced in libvirt 5.7.0 and is necessary for
    virt-login-shell to work.
  * [143dafb] Install augeas lenses for all drivers.
    These slipped through the cracks when we moved from picking up the
    corresponding directories as a whole to listing the specific files we're
    interested in.
  * [efa4cfe] Remove all mentions of Devhelp.
    As of libvirt 5.8.0, the corresponding files are no longer
    generated.
  * [8ebd427] not-installed: Remove obsolete entries.
    Now that upstream's build system has been fixed and we're picking up the
    documentation from the install location rather than the source directory,
    the corresponding files will no longer be flagged by dh_missing.
  * [ce54aef] not-installed: List all split daemons files.
    Since we're not shipping split daemons yet, the corresponding
    binaries as well as systemd units and augeas lenses will be
    flagged by dh_missing if we don't list them here.
  * [391e39d] symbols: Drop LIBVIRT_5.9.0
    libvirt 5.9.0 didn't introduce any new public symbols.

libvirt (6.0.0~rc1-1) experimental; urgency=medium

[ Guido Günther ]
  * [443fae0] New upstream version 6.0.0~rc1
  * [70c5676] Bump symbol versions
  * [eb6c6c1] gitlab-ci: Build package.
    We unfortunately can't use salsa-ci's prebuilt pipeline since
    that hangs on large jobs:
    https://salsa.debian.org/salsa/support/issues/180
    We redirct output to a file to work around:
    https://salsa.debian.org/salsa/support/issues/191

[ Christian Ehrhardt ]
  * [cc6b955] refresh d/p/* for v6.0.0
  * [5639ffb] d/control: bump build dep to python3
  * [dc99d35] d/rules: set enable-dependency-tracking to avoid FTBFS.
  * [af131c7] d/rules: drop the no more existing xen configure option
  * [84367d9] d/control: add python3-docutils as build dependency
  * [37f0a5c] d/libvirt-doc.doc: install rendered docs
  * [880f00e] d/libvirt-daemon-system.examples: Drop examples that are now
    conf files
  * [671aeca] d/libvirt-doc.doc-base.libvirt-doc: adapt doc base to new file
    placement

-- Christian Ehrhardt <christian.ehrhardt@canonical.com>  Tue, 25 Aug 2020 14:53:26 +0200

Changed in libvirt (Ubuntu):
status:	Confirmed → Fix Released

Bug Watch Updater (bug-watch-updater) on 2021-02-26

Changed in debhelper (Debian):
status:	Incomplete → New

Bug Watch Updater (bug-watch-updater) on 2022-06-22

Changed in debhelper (Debian):
status:	New → Confirmed

Bug Watch Updater (bug-watch-updater) on 2023-06-21

Changed in systemd:
status:	Unknown → New

Nick Rosbrook (enr0n) on 2023-08-25

Changed in systemd (Ubuntu):
status:	Confirmed → Won't Fix

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Bug attachments

Add attachment

Remote bug watches

debbugs #955483
[forwarded normal] Edit
auto-github-systemd-systemd #8102
[open RFE 🎁 pid1 downstream/rhel] Edit
auto-salsa.debian.org-salsa-support #180
[closed] Edit
auto-salsa.debian.org-salsa-support #191
[closed] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntulibvirt package

vague error during upgrade

Bug Description

Related branches

CVE References

Other bug subscribers

Bug attachments

Remote bug watches

Ubuntu
libvirt package