Ubuntu Cloud Archive

Comment 20 for bug 1890858

Revision history for this message

Robert Euhus (euhus-liste1) wrote on 2021-06-08:

#20

Hi Christian,

we noticed this problem on several of our machines, so I would like to give this bug report another try. ;)

I have a (relatively) clean install of Ubuntu 20.04 (no upgrade), which is joined to a Windows AD-domain via sssd, but currently used off site with cached credentials.

My domain user experiences the problem, but any local user doesn't.

I have checked with three different local users: the admin created during install, a new ordinary user, and another new one with the nonstandard HOME directory /home/TEST/tester1. All users were members of the libvirt group, the domain user is also in adm sudo users lpadmin.

The 'network unix dgram' entry "fixes" the problem for my domain user.

The problem was also reproduceable on a fresh install after domain join with a domain user.

Here is what I did:

1) normal startup with default profile

2) get sockets status:
- systemctl status $(basename -a $(dpkg -L libvirt-daemon-system | grep -e .socket -e .service | xargs) | xargs) > systemctl_status_before

3) run strace in the pid of libvirtd:
- systemctl status libvirtd
- strace -p 1246 2>&1 | tee -a strace_local_user_success

4) try to connect al local user -> success:
- virsh list
Id Name State
--------------------

5) get sockets status:
- systemctl status $(basename -a $(dpkg -L libvirt-daemon-system | grep -e .socket -e .service | xargs) | xargs) > systemctl_status_after_success

6) stop strace and restart for next try:
- strace -p 1246 2>&1 | tee -a strace_domain_user_fail

7) try to connect as domain user -> failure:
- virsh list
error: failed to connect to the hypervisor
error: End of file while reading data: Eingabe-/Ausgabefehler

8) get sockets status:
- systemctl status $(basename -a $(dpkg -L libvirt-daemon-system | grep -e .socket -e .service | xargs) | xargs) > systemctl_status_after_failure

9) add 'network unix dgram,' to /etc/apparmor.d/usr.sbin.libvirtd and apply changes:
- vim /etc/apparmor.d/usr.sbin.libvirtd
- diff /etc/apparmor.d/usr.sbin.libvirtd{,.orig}
42d4
< network unix dgram,

10) run strace on the new process:
- systemctl status libvirtd
- strace -p 11051 2>&1 | tee -a strace_domain_user_network_unix_dgram_success

11) try again as domain user -> success:
- virsh list
Id Name State
--------------------

12) get surrounding area from syslog:
- grep 'Jun 8 14:5$7\|8\|9$' /var/log/syslog > syslog-error

I will upload all of the mentioned log files.

If You need enything else, please let me know.

I am really curious about the reason and the real fix for this issue.

Hi Christian,

we noticed this problem on several of our machines, so I would like to give this bug report another try. ;)

I have a (relatively) clean install of Ubuntu 20.04 (no upgrade), which is joined to a Windows AD-domain via sssd, but currently used off site with cached credentials.

My domain user experiences the problem, but any local user doesn't.

The 'network unix dgram' entry "fixes" the problem for my domain user.

The problem was also reproduceable on a fresh install after domain join with a domain user.

Here is what I did:

1) normal startup with default profile

2) get sockets status:
 - systemctl status $(basename -a $(dpkg -L libvirt-daemon-system | grep -e .socket -e .service | xargs) | xargs) > systemctl_status_before

3) run strace in the pid of libvirtd:
 - systemctl status libvirtd
 - strace -p 1246 2>&1 | tee -a strace_local_user_success
  
4) try to connect al local user -> success:
 - virsh list
 Id   Name   State
--------------------

5) get sockets status:
 - systemctl status $(basename -a $(dpkg -L libvirt-daemon-system | grep -e .socket -e .service | xargs) | xargs)  > systemctl_status_after_success

6) stop strace and restart for next try:
 - strace -p 1246 2>&1 | tee -a strace_domain_user_fail

7) try to connect as domain user -> failure:
 - virsh list
error: failed to connect to the hypervisor
error: End of file while reading data: Eingabe-/Ausgabefehler

8) get sockets status:
 - systemctl status $(basename -a $(dpkg -L libvirt-daemon-system | grep -e .socket -e .service | xargs) | xargs)  > systemctl_status_after_failure

9) add 'network unix dgram,' to /etc/apparmor.d/usr.sbin.libvirtd and apply changes:
 - vim /etc/apparmor.d/usr.sbin.libvirtd
 - diff /etc/apparmor.d/usr.sbin.libvirtd{,.orig}
42d4
<   network unix dgram,

10) run strace on the new process:
 - systemctl status libvirtd
 - strace -p 11051 2>&1 | tee -a strace_domain_user_network_unix_dgram_success

11) try again as domain user -> success:
 - virsh list
 Id   Name   State
--------------------

12) get surrounding area from syslog:
 - grep 'Jun  8 14:5$7\|8\|9$' /var/log/syslog > syslog-error

I will upload all of the mentioned log files.

If You need enything else, please let me know.

I am really curious about the reason and the real fix for this issue.