apparmor is preventing access to user copied files in /var/lib/libvirt/images/ thus resulting in failure to start vm
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
qemu (Ubuntu) | New | Undecided | Unassigned | |
Bug Description
jammy minimal install using desktop iso, at installer choose root on zfs
once installed, at gui disable the buggy wayland since teamviewer doesn't work well with it
then install virt-manager & friends
in virt-manager start the wizard for new machine, select windows 10, create zfs volume for it
virsh edit the vm to add SLIC & friends from /sys/firmware/
power on the vm
result:
apr 29 16:01:31 cglinux audit[543570]: AVC apparmor="STATUS" operation=
apr 29 16:01:31 cglinux kernel: audit: type=1400 audit(165123729
apr 29 16:01:31 cglinux systemd-
apr 29 16:01:31 cglinux systemd[1]: Started Virtual Machine qemu-9-
apr 29 16:01:31 cglinux audit[543597]: AVC apparmor="DENIED" operation="open" profile=
apr 29 16:01:31 cglinux kernel: audit: type=1400 audit(165123729
apr 29 16:01:31 cglinux kernel: virbr0: port 1(vnet7) entered disabled state
apr 29 16:01:31 cglinux kernel: device vnet7 left promiscuous mode
apr 29 16:01:31 cglinux kernel: virbr0: port 1(vnet7) entered disabled state
apr 29 16:01:31 cglinux NetworkManager[
apr 29 16:01:31 cglinux NetworkManager[
apr 29 16:01:31 cglinux gnome-shell[3733]: Removing a network device that was not added
apr 29 16:01:31 cglinux gnome-shell[3733]: JS ERROR: TypeError: this._devices[
apr 29 16:01:31 cglinux libvirtd[1932]: Unable to read from monitor: Connection reset by peer
apr 29 16:01:31 cglinux systemd[1]: machine-
apr 29 16:01:31 cglinux libvirtd[1932]: internal error: qemu unexpectedly closed the monitor: qemu-system-x86_64: -acpitable file=/var/
apr 29 16:01:31 cglinux libvirtd[1932]: internal error: process exited while connecting to monitor: qemu-system-x86_64: -acpitable file=/var/
apr 29 16:01:31 cglinux systemd-
apr 29 16:01:31 cglinux audit[543615]: AVC apparmor="STATUS" operation=
apr 29 16:01:31 cglinux kernel: audit: type=1400 audit(165123729
Tried various chowns of the files copied into /var/lib/libvirt/images (from root to my username to libvirt-qemu), with no success, until I realized from the logs that it's AppArmor's fault, not the file owner.
ProblemType: Bug
DistroRelease: Ubuntu 22.04
Package: qemu-system-x86 1:6.2+dfsg-2ubuntu6
ProcVersionSign
Uname: Linux 5.15.0-27-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20.11-0ubuntu82
Architecture: amd64
CasperMD5CheckR
CurrentDesktop: ubuntu:GNOME
Date: Fri Apr 29 16:10:20 2022
InstallationDate: Installed on 2022-04-28 (1 days ago)
InstallationMedia: Ubuntu 22.04 LTS "Jammy Jellyfish" - Release amd64 (20220419)
KvmCmdLine: COMMAND STAT EUID RUID PID PPID %CPU COMMAND
Lsusb:
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 003: ID 413c:2113 Dell Computer Corp. KB216 Wired Keyboard
Bus 001 Device 002: ID 413c:301a Dell Computer Corp. Dell MS116 Optical Mouse
Bus 001 Device 004: ID 0b05:17d1 ASUSTek Computer, Inc. AC51 802.11a/b/g/n/ac Wireless Adapter [Mediatek MT7610U]
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
MachineType: Dell Inc. OptiPlex 3070
ProcKernelCmdLine: BOOT_IMAGE=
SourcePackage: qemu
UpgradeStatus: No upgrade log present (probably fresh install)
dmi.bios.date: 09/27/2021
dmi.bios.release: 1.10
dmi.bios.vendor: Dell Inc.
dmi.bios.version: 1.10.0
dmi.board.name: 07WP95
dmi.board.vendor: Dell Inc.
dmi.board.version: A02
dmi.chassis.type: 3
dmi.chassis.vendor: Dell Inc.
dmi.modalias: dmi:bvnDellInc.
dmi.product.family: OptiPlex
dmi.product.name: OptiPlex 3070
dmi.product.sku: 0930
dmi.sys.vendor: Dell Inc.
tags: | removed: server-triage-discuss |
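A check worth running before touching ownership, as an added example that is not part of the bug report: a small parser for the AppArmor AVC records in the journal that pulls out the deciding profile, the denied path and the uids, so a MAC denial is not mistaken for a DAC one. The sample lines are constructed (the report's own lines are truncated); the profile name follows libvirt's libvirt-<domain uuid> convention using the uuid from the dumpxml, and SLIC.bin is an assumed file name.

```python
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample journal lines (the report's own lines are truncated). The
# AVC DENIED record is what chown could never clear: the profile rejects the open.
SAMPLE_LOG = """\
apr 29 16:01:31 cglinux audit[543570]: AVC apparmor="STATUS" operation="profile_load" profile="unconfined" name="libvirt-4c4c4544-0050-5210-8044-b3c04f563533" pid=543570 comm="apparmor_parser"
apr 29 16:01:31 cglinux audit[543597]: AVC apparmor="DENIED" operation="open" profile="libvirt-4c4c4544-0050-5210-8044-b3c04f563533" name="/var/lib/libvirt/images/SLIC.bin" pid=543597 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=64055
apr 29 16:01:31 cglinux kernel: virbr0: port 1(vnet7) entered disabled state
"""

# Audit records are key=value pairs; string values are double-quoted.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
IMAGES_DIR = "/var/lib/libvirt/images/"

@dataclass
class AvcDenial:
    profile: str          # AppArmor profile that made the decision
    path: str             # object the open was attempted on
    denied_mask: str      # permissions the profile lacks for that path
    fsuid: Optional[int]  # uid qemu was running as
    ouid: Optional[int]   # uid owning the file

def parse_avc(line: str) -> Optional[AvcDenial]:
    """Return the AVC DENIED record in a journal line, or None for anything else."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
              for m in FIELD_RE.finditer(line)}
    as_int = lambda k: int(fields[k]) if fields.get(k, "").isdigit() else None
    return AvcDenial(fields.get("profile", ""), fields.get("name", ""),
                     fields.get("denied_mask", ""), as_int("fsuid"), as_int("ouid"))

def diagnose(log: str) -> list:
    """One entry per denial: path under the images dir?, uids already equal
    (so ownership is not the missing piece)?, and the file rule the profile lacks."""
    out = []
    for line in log.splitlines():
        d = parse_avc(line)
        if d:
            out.append({
                "profile": d.profile,
                "path": d.path,
                "in_images_dir": d.path.startswith(IMAGES_DIR),
                "owner_matches_process": d.fsuid is not None and d.fsuid == d.ouid,
                "apparmor_rule": f'"{d.path}" {d.denied_mask},',  # AppArmor file-rule syntax
            })
    return out
```

The profile named in the record is the one that must carry the rule; a DAC error would never surface as an AVC line at all.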
virsh dumpxml win11oem-uefi1
<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  <name>win11oem-uefi1</name>
  <uuid>4c4c4544-0050-5210-8044-b3c04f563533</uuid>
  <metadata>
    <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
      <libosinfo:os id="http://microsoft.com/win/10"/>
    </libosinfo:libosinfo>
  </metadata>
  <memory unit='KiB'>12582912</memory>
  <currentMemory unit='KiB'>8388608</currentMemory>
  <memoryBacking>
    <source type='memfd'/>
    <access mode='shared'/>
  </memoryBacking>
  <vcpu placement='static'>4</vcpu>
  <sysinfo type='smbios'>
    <bios>
      <entry name='vendor'>Dell Inc.</entry>
      <entry name='version'>1.10.0</entry>
      <entry name='date'>09/27/2021</entry>
      <entry name='release'>1.10.0</entry>
    </bios>
    <system>
      <entry name='manufacturer'>Dell Inc.</entry>
      <entry name='product'>OptiPlex 3070</entry>
      <entry name='serial'>xxxxxx</entry>
      <entry name='uuid'>xxxxxxxxxxxxxxxxxxx</entry>
      <entry name='sku'>xxxx</entry>
      <entry name='family'>OptiPlex</entry>
    </system>
    <baseBoard>
      <entry name='manufacturer'>Dell Inc.</entry>
      <entry name='product'>xxxxx</entry>
      <entry name='version'>xxxx</entry>
      <entry name='serial'>xxxxxxxxxxx/</entry>
    </baseBoard>
    <chassis>
      <entry name='manufacturer'>Dell Inc.</entry>
      <entry name='serial'>xxxxxx</entry>
      <entry name='sku'>Desktop</entry>
    </chassis>
  </sysinfo>
  <os>
    <type arch='x86_64' machine='pc-q35-6.2'>hvm</type>
    <loader readonly='yes' type='pflash'>/usr/share/OVMF/OVMF_CODE_4M.ms.fd</loader>
    <nvram>/var/lib/libvirt/qemu/nvram/win11oem-uefi_VARS.fd</nvram>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <hyperv mode='custom'>
      <relaxed state='on'/>
      <vapic state='on'/>
      <spinlocks state='on' retries='8191'/>
    </hyperv>
    <vmport state='off'/>
  </features>
  <cpu mode='host-passthrough' check='none' migratable='on'>
    <topology sockets='1' dies='1' cores='4' threads='1'/>
  </cpu>
  <clock offset='localtime'>
    <timer name='rtc' tickpolicy='catchup'/>
    <timer name='pit' tickpolicy='delay'/>
    <timer name='hpet' present='no'/>
    <timer name='hypervclock' present='yes'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <pm>
    <suspend-to-mem enabled='no'/>
    <suspend-to-disk enabled='no'/>
  </pm>
  <devices>
    <emulator>/usr/bin/qemu-system-x86_64</emulator>
    <disk type='block' device='disk'>
      <driver name='qemu' type='raw' cache='none' io='native' discard='unmap'/>
      <source dev='/dev/zvol/rpool/win11oem'/>
      <target dev='sda' bus='scsi'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <controller type='usb' index='0' model='qemu-xhci' ports='15'>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
    </controller>
    <controller type='pci' index='0' model='pcie-root'/>
    <controller type='pci' index='1' model='pcie-root-port'>
      <model name='pcie-root-port'/>
<targ...