Comment 0 for bug 1250216

Simon Déziel (sdeziel) wrote :

The generated AppArmor policy prevents a guest from using huge pages.

Steps to reproduce:

1) Set KVM_HUGEPAGES=1 in /etc/default/qemu-kvm
2) restart qemu-kvm
3) sysctl vm.nr_hugepages=256
4) virsh define/edit test-guest
  ...
  <memoryBacking>
    <hugepages/>
  </memoryBacking>
  ...
5) virsh start test-guest
6) check /var/log/kern.log searching for:
 apparmor="DENIED" operation="mknod" parent=1 profile="libvirt-42c86291-5d88-443f-96b7-3dbfd22c8658" name="/run/hugepages/kvm/libvirt/qemu/qemu_back_mem.pc.ram.kuj13U" pid=4035 comm="qemu-system-x86" requested_mask="c" denied_mask="c" fsuid=107 ouid=107

As a temporary measure, I added this to /etc/apparmor.d/abstractions/libvirt-qemu:

  owner "/run/hugepages/kvm/libvirt/qemu/**" rw,

And it works. A better fix would be to fix the policy generator because the huge pages setting is now pretty visible since it is in /etc/default/qemu-kvm.

Even if this bug is related to LP: #1001584, I think they are 2 different issues.

# lsb_release -rd
Description: Ubuntu 13.10
Release: 13.10
# apt-cache policy libvirt-bin
libvirt-bin:
  Installed: 1.1.1-0ubuntu8.1
  Candidate: 1.1.1-0ubuntu8.1
  Version table:
 *** 1.1.1-0ubuntu8.1 0
        500 http://security.ubuntu.com/ubuntu/ saucy-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.1.1-0ubuntu8 0
        500 http://archive.ubuntu.com/ubuntu/ saucy/main amd64 Packages
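
An added example, not part of the original comment and not libvirt's or AppArmor's own code: a Python script that parses the denial quoted in step 6 and checks whether a candidate file rule, such as the workaround above, would cover it. The function names are hypothetical, and the glob handling is a simplified subset of AppArmor's path globbing (`*`, `**` and `?` only).

```python
import re

# The denial quoted in the report (audit message body only).
SAMPLE = ('apparmor="DENIED" operation="mknod" parent=1 '
          'profile="libvirt-42c86291-5d88-443f-96b7-3dbfd22c8658" '
          'name="/run/hugepages/kvm/libvirt/qemu/qemu_back_mem.pc.ram.kuj13U" '
          'pid=4035 comm="qemu-system-x86" requested_mask="c" '
          'denied_mask="c" fsuid=107 ouid=107')
# The workaround rule from the report.
WORKAROUND = 'owner "/run/hugepages/kvm/libvirt/qemu/**" rw,'

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
RULE = re.compile(r'^\s*(owner\s+)?"?([^"\s]+)"?\s+([rwaxmkl]+)\s*,\s*$')
# Assumption: the log masks a (append), c (create) and d (delete)
# are all granted by the "w" permission in a profile rule.
W_GRANTS = set("wacd")

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED message, else None."""
    fields = {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
              for m in FIELD.finditer(line)}
    return fields if fields.get("apparmor") == "DENIED" else None

def glob_to_regex(glob):
    """Translate *, ** and ? to a regex: only ** may cross a '/'."""
    out = ""
    for tok in re.findall(r"\*\*|\*|\?|.", glob):
        out += {"**": ".*", "*": "[^/]*", "?": "[^/]"}.get(tok, re.escape(tok))
    return re.compile(out)

def rule_covers(rule, denial):
    """True if the file rule would have allowed the denied access."""
    m = RULE.match(rule)
    if not m or denial is None:
        return False
    owner, glob, perms = m.groups()
    # An "owner" rule applies only when the task's fsuid owns the object.
    if owner and denial.get("fsuid") != denial.get("ouid"):
        return False
    granted = set(perms) | (W_GRANTS if "w" in perms else set())
    return (glob_to_regex(glob).fullmatch(denial["name"]) is not None
            and set(denial["denied_mask"]) <= granted)

if __name__ == "__main__":
    d = parse_denial(SAMPLE)
    print(d["profile"], d["operation"], d["name"], d["denied_mask"])
    print("workaround covers denial:", rule_covers(WORKAROUND, d))
```

A rule ending in a single `*` one directory higher, or one granting only `r`, does not cover this denial, which is why the workaround needs both `**` and write permission.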