The generated AppArmor policy prevents a guest from using huge pages.
Steps to reproduce:
1) Set KVM_HUGEPAGES=1 in /etc/default/qemu-kvm
2) restart qemu-kvm
3) sysctl vm.nr_hugepages = 256
4) virsh define/edit test-guest
   ...
   <memoryBacking>
   <hugepages/>
   </memoryBacking>
   ...
5) virsh start test-guest
6) check /var/log/kern.log searching for:
   apparmor="DENIED" operation="mknod" parent=1 profile="libvirt-42c86291-5d88-443f-96b7-3dbfd22c8658" name="/run/hugepages/kvm/libvirt/qemu/qemu_back_mem.pc.ram.kuj13U" pid=4035 comm="qemu-system-x86" requested_mask="c" denied_mask="c" fsuid=107 ouid=107
As a temporary measure, I added this to /etc/apparmor.d/abstractions/libvirt-qemu:
owner "/run/hugepages/kvm/libvirt/qemu/**" rw,
And it works. A better fix would be to fix the policy generator, because the huge pages option is now pretty visible since it is in /etc/default/qemu-kvm.
Even if this bug is related to LP: #1001584, I think they are 2 different issues.
# lsb_release -rd
Description: Ubuntu 13.10
Release: 13.10
# apt-cache policy libvirt-bin
libvirt-bin:
  Installed: 1.1.1-0ubuntu8.1
  Candidate: 1.1.1-0ubuntu8.1
  Version table:
 *** 1.1.1-0ubuntu8.1 0
        500 http://security.ubuntu.com/ubuntu/ saucy-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.1.1-0ubuntu8 0
        500 http://archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages
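An added example, not part of the original report and not libvirt's own code: a Python check that parses the denial quoted in step 6 and tests whether a candidate AppArmor file rule, such as the workaround line, would cover it. The function names are hypothetical, and the glob translation and the mapping of the logged `c` mask onto policy `w` are a simplified model of AppArmor's matching.

```python
import re
import shlex

# Constructed sample: the denial quoted in the report, as one message body.
SAMPLE = ('apparmor="DENIED" operation="mknod" parent=1 '
          'profile="libvirt-42c86291-5d88-443f-96b7-3dbfd22c8658" '
          'name="/run/hugepages/kvm/libvirt/qemu/qemu_back_mem.pc.ram.kuj13U" '
          'pid=4035 comm="qemu-system-x86" requested_mask="c" denied_mask="c" '
          'fsuid=107 ouid=107')

# Log mask letters granted by a policy "w": write, append, create, delete.
W_IMPLIES = set("wacd")

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, or None."""
    start = line.find('apparmor="DENIED"')
    if start < 0:
        return None
    return dict(t.split("=", 1) for t in shlex.split(line[start:]) if "=" in t)

def glob_to_regex(glob):
    """Simplified AppArmor globbing: ** crosses '/', a single * does not."""
    table = {"**": ".*", "*": "[^/]*"}
    parts = [table.get(p, re.escape(p)) for p in re.split(r"(\*\*|\*)", glob)]
    return re.compile("".join(parts) + r"\Z")

def rule_covers(rule, denial):
    """True if a file rule like: owner "/path/**" rw,  permits the denial."""
    toks = shlex.split(rule.strip().rstrip(","))
    owner, path, perms = toks[0] == "owner", toks[-2], set(toks[-1])
    if "w" in perms:
        perms |= W_IMPLIES
    # "owner" rules apply only when the task's fsuid owns the object.
    if owner and denial["fsuid"] != denial["ouid"]:
        return False
    return bool(glob_to_regex(path).match(denial["name"])) and \
        set(denial["denied_mask"]) <= perms

if __name__ == "__main__":
    workaround = 'owner "/run/hugepages/kvm/libvirt/qemu/**" rw,'
    print(rule_covers(workaround, parse_denial(SAMPLE)))
```
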