Cannot start guest with emulator wrapper

Host:

Linux IT02 2.6.31-14-server #48-Ubuntu SMP Fri Oct 16 15:07:34 UTC 2009 x86_64 GNU/Linux

Package versions:

libvirt-bin 0.7.0-1ubuntu13.1
libvirt0 0.7.0-1ubuntu13.1
python-libvirt 0.7.0-1ubuntu13.1
python-virtinst 0.400.3-4ubuntu1
qemu-kvm 0.11.0-0ubuntu6.3
ubuntu-virt-server 1.2
virt-manager 0.7.0-3ubuntu1
virt-viewer 0.0.3-6ubuntu7.xul191.1
kvm 1:84+dfsg-0ubuntu16+0.11.0+0ubuntu6.3
qemu-kvm 0.11.0-0ubuntu6.3

Thank you for taking the time to report this bug and helping to make Ubuntu better. To help fix the bug, please follow the instructions found in https://wiki.ubuntu.com/DebuggingApparmor. This will greatly help us in tracking down your problem.

No files in /var/log/apparmor/

Entry in kern.log:
(Repeats everytime I tried to start guest - pid/parent varied but the rest is identical - if more are needed let me know)

Nov 30 10:11:12 IT02 kernel: [ 405.887561] type=1503 audit(1259593872.142:29): operation="exec" pid=2402 parent=1933 profile="/usr/sbin/libvirtd" requested_mask="x::" denied_mask="x::" fsuid=0 ouid=0 name="/etc/libvirt/qemu/kvm"

What is /etc/libvirt/qemu/kvm? This is not a proper location for an executable and doesn't seem to be a part of the default installation.

That is where the XML definitions resides on my system...

root@IT02:/home/jsmith# ls /etc/libvirt/
libvirtd.conf qemu qemu.conf storage
root@IT02:/home/jsmith# ls /etc/libvirt/qemu
autostart KarmicBeta1.xml kvm networks winXPpro.xml
root@IT02:/home/jsmith#

A bit of history (and maybe my problem isn't apparmor's problem specifically...)

The host system is an upgrade from 9.04. When it was 9.04 I uninstalled the distribution installs of kvm, libvirt, and virt manager and compiled and installed them from source to get some of the newer features available. I later removed the compiled versions and re-installed the distribution version. All of this was done before upgrading to 9.10. Maybe this caused some of the issue(s)?

Whoops that isn't correct - thats not where my XML resides. And I figured out what it is.

I was trying to get auto-connect USB recognition to work (back when it was 9.04) and the instructions here (http://david.wragg.org/blog/2009/03/usb-pass-through-with-libvirt-and-kvm.html) said to make this script up:

$ cat /etc/libvirt/qemu/kvm

#!/bin/sh
exec /usr/bin/kvm `echo $* | sed 's|-usbdevice host:\([^ ]*\)|-usbdevice host:auto:*.*:\1|g'`

and (direct quote from afore mentioned website)

"Save the script as /etc/libvirt/qemu/qemu-kvm, and make it executable. With that in place, you need to tell libvirt to use it instead of the real KVM binary. Do that by editing the VM XML description as described in my previous post. You need to edit the //domain/devices/emulator entry to refer to the wrapper script, e.g.

<domain type='kvm'>
  <name>windowsxp</name>
  …
  <devices>
    <emulator>/etc/libvirt/qemu/qemu-kvm</emulator>
    …
  </devices>
</domain>

Restart the relevant VMs, and USB pass-through with autoconnect should now work."

So now I realize it's not a bug really... now to figure out whether or not I really need the wrapper at all...

Sorry to have filed this without finding out it was my customization in the first place!

Marking Invalid per reporter's comment.

Jacob, if you still need the wrapper, you'll need to adjust your AppArmor profile a bit to get it to work. A good start would be to add to /etc/apparmor.d/usr.sbin.libvirtd:
  /etc/libvirt/qemu/kvm ixr,

followed by:
$ sudo apparmor_parser -r -W -T /etc/apparmor.d/usr.sbin.libvirtd

You may need to do more, and for USB pass through, you should also see (and adjust) /etc/apparmor.d/abstractions/libvirt-qemu.

Thanks!

I've got similar symptoms without a custom wrapper script.
Ubuntu (10.04) won't start my machines with apparmor enabled.

I had a normal <emulator>/usr/bin/kvm</emulator> entry in each machine.
After removing this entry, it works with apparmor, too.

Just want to leave this info here in case someone is having the same issue.

I'm testing kvm on 10.04 and have some similar problems. I found that sometimes after rebooting the host don't responses virsh

root@baal:~# virsh vncdisplay enm-fw
error: unable to connect to '/var/run/libvirt/libvirt-sock': No such file or directory
error: failed to connect to the hypervisor
root@baal:~#

Looking in services up:

root@baal:~# initctl list
qemu-kvm stop/waiting
...
libvirt-bin stop/waiting
...
root@baal:~#

qemu-kvm is down and libvirt-bin too.
And other times the services are up and virsh responding but don't autostart the VM. If i started in the command line the VM can boot normally.

Additional info on the VM that don't responses to autostart:

root@baal:~# virsh dominfo enm-fw
Id: 3
Name: enm-fw
UUID: bdf8b960-4f96-653f-b36f-58d03261dce3
OS Type: hvm
State: running
CPU(s): 1
CPU time: 1231.4s
Max memory: 262144 kB
Used memory: 262144 kB
Autostart: enable
Security model: apparmor
Security DOI: 0
Security label: libvirt-bdf8b960-4f96-653f-b36f-58d03261dce3 (enforcing)

root@baal:~#

FunkyM0nk3y, this is (potentially) a different issue. If you are using a different emulator or wrapper script, you will need to adjust /etc/apparmor.d/usr.sbin.libvirtd to add a rule allowing access to your non-default emulator, then run:
$ sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.libvirtd

If this is not your problem, or you are unsure, please file a new bug with 'ubuntu-bug libvirt'. Thanks