Error creating new VM with OVMF
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libvirt (Ubuntu) |
Fix Released
|
High
|
Unassigned | ||
Trusty |
Won't Fix
|
High
|
Unassigned | ||
Wily |
Won't Fix
|
High
|
Unassigned |
Bug Description
=======
SRU Justification
Impact: cannot start VMs with UEFI
Test case:
Regression potential: virt-aa-helper is modified to add the nvram files to the allowed list, there should be no regressions.
=======
When I'm trying to create new VM through virt-manager with OVMF firmware instead of BIOS an error appears:
Failed to complete an installation: «internal error: cannot load AppArmor profile «libvirt-
Traceback (most recent call last):
File "/usr/share/
callback(
File "/usr/share/
guest.
File "/usr/share/
noboot)
File "/usr/share/
dom = self.conn.
File "/usr/lib/
if ret is None:raise libvirtError(
libvirtError: internal error: cannot load AppArmor profile «libvirt-
There is an appropriate lines at the end of /etc/libvirt/
nvram = [ "/usr/share/
Surely those files are present in /usr/share/OVMF/.
Kbuntu 15.10 Wily
Linux 4.2RC6 x86_64
virt-manager 1.2.1
libvirt 1.2.16
qemu 2.3
description: | updated |
Changed in libvirt (Ubuntu): | |
status: | Fix Released → Confirmed |
description: | updated |
Changed in libvirt (Ubuntu Trusty): | |
importance: | Undecided → High |
This is a problem with virt-aa-helper.c. Basically, in valid_path() this:
/* override the above with these */
"/sys/ devices/ pci", /* for hostdev pci devices */
"/etc/ libvirt- sandbox/ services/ " /* for virt-sandbox service config */
const char * const override[] = {
};
should be changed to:
"/sys/ devices/ pci", /* for hostdev pci devices */
"/etc/ libvirt- sandbox/ services/ ", /* for virt-sandbox service config */
"/usr/ share/ovmf/ " /* for OVMF images */
/* override the above with these */
const char * const override[] = {
};
See https:/ /lists. ubuntu. com/archives/ apparmor/ 2015-August/ 008466. html for details.