Ubuntu
libvirt package

virsh's "define" does not create apparmor profiles

Bug #496163 reported by dp on 2009-12-13

This bug report is a duplicate of: Bug #530400: starting kvm guest with disk file in /etc fails with apparmor error 'could not remove profile'. Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	libvirt (Ubuntu)	Invalid	Undecided	Jamie Strandboge

Bug Description

I downloaded a VMWare Appliance. I convertet the disk image to qcow2 using qemu-img convert and copied the result to /var/lib/libvirt/images/mydisk.img. I converted the .vmx file using "vmware2libvirt" and stored the output in a temporary file. I update the device file to point to the image previously created in /var/... . I ran "virsh" and used "define myvm.libvirt" to define the VM.

When I run "start NameOfMyVM", virsh gives me the following error:

Fehler: Domain NameOfMyVM konnte nicht gestartet werden
Fehler: could not remove profile for 'libvirt-d7d7500b-ebb1-4204-964b-ef44b4014030'

tail'ing /var/log/syslog, I get the following:

Dec 13 13:22:18 hobbes NetworkManager: SCPlugin-Ifupdown: devices added (path: /sys/devices/virtual/net/vnet0, iface: vnet0)
Dec 13 13:22:18 hobbes NetworkManager: SCPlugin-Ifupdown: device added (path: /sys/devices/virtual/net/vnet0, iface: vnet0): no ifupdown configuration found.
Dec 13 13:22:18 hobbes NetworkManager: <WARN> device_creator(): /sys/devices/virtual/net/vnet0: couldn't determine device driver; ignoring...
Dec 13 13:22:18 hobbes kernel: [10456.128148] device vnet0 entered promiscuous mode
Dec 13 13:22:18 hobbes kernel: [10456.128552] virbr0: topology change detected, propagating
Dec 13 13:22:18 hobbes kernel: [10456.128556] virbr0: port 1(vnet0) entering forwarding state
Dec 13 13:22:18 hobbes libvirtd: 13:22:18.771: error : virSecurityReportError:108 : error calling aa_change_profile()
Dec 13 13:22:18 hobbes libvirtd: 13:22:18.771: error : qemudSecurityHook:1790 : internal error Failed to set security label
Dec 13 13:22:18 hobbes libvirtd: 13:22:18.778: error : virExecDaemonize:678 : internal error Intermediate daemon process exited with status 1.
Dec 13 13:22:18 hobbes kernel: [10456.173247] virbr0: port 1(vnet0) entering disabled state
Dec 13 13:22:18 hobbes NetworkManager: SCPlugin-Ifupdown: devices removed (path: /sys/devices/virtual/net/vnet0, iface: vnet0)
Dec 13 13:22:18 hobbes kernel: [10456.213150] device vnet0 left promiscuous mode
Dec 13 13:22:18 hobbes kernel: [10456.213160] virbr0: port 1(vnet0) entering disabled state
Dec 13 13:22:18 hobbes libvirtd: 13:22:18.886: error : qemudReadLogOutput:816 : internal error Process exited while reading console log output
Dec 13 13:22:18 hobbes libvirtd: 13:22:18.886: error : qemudWaitForMonitor:1103 : internal error unable to start guest: libvir: Security Labeling error : error calling aa_change_profile()#012libvir: QEMU error : internal error Failed to set security label#012
Dec 13 13:22:18 hobbes libvirtd: 13:22:18.905: error : virRun:833 : internal error '/usr/bin/virt-aa-helper -R -u libvirt-d7d7500b-ebb1-4204-964b-ef44b4014030' exited with non-zero status 1 and signal 0: virt-aa-helper: error: profile does not exist#012
Dec 13 13:22:18 hobbes libvirtd: 13:22:18.905: error : virSecurityReportError:108 : could not remove profile for 'libvirt-d7d7500b-ebb1-4204-964b-ef44b4014030'

When googling for these errors I found several bigreports regarding libvort and apparmor, all of which are marked as fixed. Looking at /etc/apparmor.d/libvirt I found that no apparmor profile for the new VM was created.

I previoisly created a working kvm-VM from scratch (read: install OS from iso-image) using virt-manager (the GUI).

ProblemType: Bug
Architecture: amd64
Date: Sun Dec 13 13:07:06 2009
DistroRelease: Ubuntu 9.10
InstallationMedia: Ubuntu 9.10 "Karmic Koala" - Release Candidate amd64 (20091020.3)
Package: libvirt-bin 0.7.0-1ubuntu13.1
ProcEnviron:
SHELL=/bin/bash
LANG=de_DE.UTF-8
LANGUAGE=
ProcVersionSignature: Ubuntu 2.6.31-16.53-generic
SourcePackage: libvirt
Uname: Linux 2.6.31-16-generic x86_64

Tags: