Libvirt 8.0.0 Error When Starting Windows 11 VM "'/var/lib/libvirt/qemu/nvram/win11_VARS.fd': Permission denied"
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libvirt (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
swtpm (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
- Windows 11 guest OS
- swtpm TPM emulator version 0.6.1
- TPM with Model "TIS" and version 2.0
- Libvirt 8.0.0
I am unable to start a Windows 11 VM with libvirt/QEMU and see the following error message. This happens after I add firmware="efi" in the VM's XML configuration and attempt to start the VM. This is caused by AppArmor.
<os firmware="efi">
<type arch="x86_64" machine=
<boot dev="hd"/>
</os>
Here is the error:
Traceback (most recent call last):
File "/usr/share/
callback(
File "/usr/share/
callback(*args, **kwargs)
File "/usr/share/
ret = fn(self, *args, **kwargs)
File "/usr/share/
self.
File "/usr/local/
raise libvirtError(
libvirt.
Here are the AppArmor logs for qemu:
apparmor="DENIED" operation="open" profile=
apparmor="DENIED" operation=
apparmor="DENIED" operation=
apparmor="DENIED" operation="open" profile=
apparmor="DENIED" operation="mknod" profile=
|||||||
Found solution -
1. Add the following lines to the end of /etc/apparmor.
/var/lib/
/sys/kernel/
/usr/share/
/run/libvirt/
2. Reload apparmor, restart libvirtd:
sudo systemctl reload apparmor.service
sudo systemctl restart libvirtd
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |
description: | updated |