Ubuntu
libvirt package

apparmor recipe doesn't allow access to /proc/device-tree/ on ppc, so fails to work

Bug #1326851 reported by Ben Collins on 2014-06-05

This bug report is a duplicate of: Bug #1321365: virsh (ppc) fails with "missing /proc/device-tree/cpu ". Edit Remove

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	libvirt (Ubuntu)	Confirmed	Critical	Unassigned

Bug Description

The default apparmor recipe should allow "/proc/device-tree/** r," so that PowerPC vm's will work. QEmu needs to access these nodes in order to gain information about the CPU type and other hardware related information for KVM VMs.

Revision history for this message

Ben Collins (ben-collins) wrote on 2014-06-05:

Here is the failure from syslog:

Jun 5 10:14:21 CTS0015 kernel: [2386259.248034] type=1400 audit(1401981261.112:21): apparmor="DENIED" operation="open" profile="libvirt-646711db-3f9c-4db5-ba8d-1a7a502c4abb" name="/proc/device-tree/cpus/" pid=7070 comm="qemu-system-ppc" requested_mask="r" denied_mask="r" fsuid=106 ouid=0

This prevents VMs from working at all, so hence the severity.

Changed in libvirt (Ubuntu):
status:	New → Confirmed
importance:	Undecided → Critical

Report a bug

This report contains Public information

Everyone can see this information.

Duplicate of bug #1321365 Remove

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntulibvirt package

apparmor recipe doesn't allow access to /proc/device-tree/ on ppc, so fails to work

Bug Description

Other bug subscribers

Remote bug watches

Ubuntu
libvirt package