Can't start Win11 Guest: Could not get process id of swtpm

Bug #1994030 reported by Rene Becker
This bug affects 5 people
Affects | Status | Importance | Assigned to | Milestone
virt-manager (Ubuntu) | Confirmed | Undecided | Unassigned |

Bug Description

After upgrade to Kubuntu 22.10 I am not able to start a pre-existing Win7 VM anymore.
The error message I am getting is:

"Error starting domain: internal error:Could not get process id of swtpm"

When selecting 'detailed information' I am shown:

Error starting domain: internal error: Could not get process id of swtpm

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 72, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 108, in tmpcb
    callback(*args, **kwargs)
  File "/usr/share/virt-manager/virtManager/object/libvirtobject.py", line 57, in newfn
    ret = fn(self, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/object/domain.py", line 1402, in startup
    self._backend.create()
  File "/usr/lib/python3/dist-packages/libvirt.py", line 1352, in create
    raise libvirtError('virDomainCreate() failed')

Looks like some permission problem - when inspecting the output of 'dmesg' I see the following:

[Oct24 22:31] audit: type=1400 audit(1666611065.350:507): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-1c4209f5-6f03-4c1d-bfa9-da551fb76e22" pid=223701 comm="apparmor_parser"
[ +0.154692] audit: type=1400 audit(1666611065.506:508): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-1c4209f5-6f03-4c1d-bfa9-da551fb76e22" pid=223704 comm="apparmor_parser"
[ +0.114645] audit: type=1400 audit(1666611065.619:509): apparmor="STATUS" operation="profile_replace" profile="unconfined" name="libvirt-1c4209f5-6f03-4c1d-bfa9-da551fb76e22" pid=223708 comm="apparmor_parser"
[ +0.144500] audit: type=1400 audit(1666611065.763:510): apparmor="STATUS" operation="profile_replace" info="same as current profile, skipping" profile="unconfined" name="libvirt-1c4209f5-6f03-4c1d-bfa9-da551fb76e22" pid=223712 comm="apparmor_parser"
[ +0.017447] audit: type=1400 audit(1666611065.783:511): apparmor="DENIED" operation="file_inherit" class="file" profile="swtpm" name="/run/libvirt/qemu/swtpm/8-Win11-swtpm.pid" pid=223718 comm="swtpm" requested_mask="w" denied_mask="w" fsuid=131 ouid=0
[ +0.007504] virbr0: port 1(vnet7) entered blocking state
[ +0.000007] virbr0: port 1(vnet7) entered disabled state

ProblemType: Bug
DistroRelease: Ubuntu 22.10
Package: virt-manager 1:4.1.0-1
ProcVersionSignature: Ubuntu 5.19.0-23.24-generic 5.19.7
Uname: Linux 5.19.0-23-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia
ApportVersion: 2.23.1-0ubuntu3
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: KDE
Date: Mon Oct 24 22:26:03 2022
ExecutablePath: /usr/bin/virt-manager
InstallationDate: Installed on 2021-03-01 (602 days ago)
InstallationMedia: Kubuntu 20.04.2.0 LTS "Focal Fossa" - Release amd64 (20210209.1)
InterpreterPath: /usr/bin/python3.10
PackageArchitecture: all
ProcEnviron:
 LANG=en_AU.UTF-8
 LANGUAGE=en_AU:en
 PATH=(custom, user)
 SHELL=/bin/bash
 XDG_RUNTIME_DIR=<set>
Python3Details: /usr/bin/python3.10, Python 3.10.7, python3-minimal, 3.10.6-1
PythonDetails: N/A
SourcePackage: virt-manager
UpgradeStatus: Upgraded to kinetic on 2022-10-23 (0 days ago)

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in virt-manager (Ubuntu):
status: New → Confirmed
Simon Elmir (nerd65536) wrote :

On my system, pidfiles in /run/libvirt/qemu/swtpm/ are apparently created/owned by root, so the "owner /run/libvirt/qemu/swtpm/*.pid rwk," line in /etc/apparmor.d/usr.bin.swtpm doesn't grant swtpm access.

Workaround:

Add "/run/libvirt/qemu/swtpm/*.pid rwk," to the local override config in /etc/apparmor.d/local/usr.bin.swtpm, and then `sudo systemctl reload apparmor.service`.

Alex (fullstackalex) wrote :

Adding "/run/libvirt/qemu/swtpm/*.pid rwk," in /etc/apparmor.d/local/usr.bin.swtpm worked for me. Thanx!
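
Added example, not part of the original report or its comments: a Python check that parses the AppArmor denial from the dmesg output above and flags the condition the workaround comment describes, where the process fsuid differs from the file's owner uid so an "owner" rule cannot match. The function names are hypothetical, and the second sample line is constructed for contrast.

```python
import re

# key=value fields of a kernel audit record; values may be double-quoted
_PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')

# Denial copied from the dmesg output in the bug description
PAGE_DENIAL = (
    'audit: type=1400 audit(1666611065.783:511): apparmor="DENIED" '
    'operation="file_inherit" class="file" profile="swtpm" '
    'name="/run/libvirt/qemu/swtpm/8-Win11-swtpm.pid" pid=223718 comm="swtpm" '
    'requested_mask="w" denied_mask="w" fsuid=131 ouid=0'
)
# Constructed for contrast: same record, but the file belongs to the caller
CONSTRUCTED_SAME_OWNER = PAGE_DENIAL.replace("ouid=0", "ouid=131")


def parse_apparmor_audit(line):
    """Return the key/value fields of one AppArmor audit record as a dict."""
    fields = {}
    for key, raw, quoted in _PAIR.findall(line):
        fields[key] = quoted if raw.startswith('"') else raw
    return fields


def owner_rule_cannot_match(event):
    """True for a denial where the task's fsuid is not the file's owner uid.

    AppArmor applies an 'owner' rule only when those two uids are equal, so
    in this case a rule such as 'owner /path/*.pid rwk,' grants nothing.
    """
    return (event.get("apparmor") == "DENIED"
            and "fsuid" in event and "ouid" in event
            and event["fsuid"] != event["ouid"])


def diagnose(line):
    """Return a one-line explanation, or None if ownership is not the cause."""
    ev = parse_apparmor_audit(line)
    if not owner_rule_cannot_match(ev):
        return None
    return (f'profile {ev["profile"]}: {ev["comm"]} (fsuid {ev["fsuid"]}) was '
            f'denied "{ev["denied_mask"]}" on {ev["name"]} owned by uid '
            f'{ev["ouid"]}; an "owner" rule for this path does not apply')


if __name__ == "__main__":
    for sample in (PAGE_DENIAL, CONSTRUCTED_SAME_OWNER):
        print(diagnose(sample) or "denied, but not because of file ownership")
```
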
