Ubuntu
libvirt package

  1. Bug #1633207
  2. Comment #0

Comment 0 for bug 1633207

Revision history for this message
bugproxy (bugproxy) wrote :

---Problem Description---
VM fails to start with dac security driver added

---uname output---
Linux ltc-test-ci1 4.4.0-9136-generic #55-Ubuntu SMP Fri Aug 26 05:56:24 UTC 2016 ppc64le ppc64le ppc64le GNU/Linux

Machine Type = power 8 ppc64le

---Steps to Reproduce---

VM fails to start with dac security driver added
1. Define a VM with both apparmor and dac security driver( Used XML as below)
#virsh dumpxml virt-tests-vm1
<domain type='kvm'>
  <name>virt-tests-vm1</name>
  <uuid>0491f0cd-eb14-4992-be4c-53a1adf1d314</uuid>
  <memory unit='KiB'>33554432</memory>
  <currentMemory unit='KiB'>33554432</currentMemory>
  <vcpu placement='static'>32</vcpu>
  <resource>
    <partition>/machine</partition>
  </resource>
  <os>
    <type arch='ppc64le' machine='pseries-2.6'>hvm</type>
    <boot dev='hd'/>
  </os>
  <cpu>
    <topology sockets='1' cores='32' threads='1'/>
  </cpu>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/bin/kvm</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/var/lib/libvirt/images/sath/avocado-fvt-wrapper/data/avocado-vt/images/ubuntu-16.10-ppc64le.qcow2'/>
      <target dev='sda' bus='scsi'/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <controller type='usb' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
    </controller>
    <controller type='pci' index='0' model='pci-root'/>
    <controller type='scsi' index='0'>
      <address type='spapr-vio' reg='0x2000'/>
    </controller>
    <interface type='bridge'>
      <mac address='52:54:00:e2:e3:e4'/>
      <source bridge='virbr0'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
    </interface>
    <serial type='pty'>
      <target port='0'/>
      <address type='spapr-vio' reg='0x30000000'/>
    </serial>
    <console type='pty'>
      <target type='serial' port='0'/>
      <address type='spapr-vio' reg='0x30000000'/>
    </console>
    <memballoon model='virtio'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </memballoon>
    <panic model='pseries'/>
  </devices>
  <seclabel type='dynamic' model='apparmor' relabel='yes'/>
  <seclabel type='dynamic' model='dac' relabel='yes'/>
</domain>

2. virsh start virt-tests-vm1
#virsh start virt-tests-vm1
error: Failed to start domain virt-tests-vm1
error: internal error: cannot load AppArmor profile 'libvirt-0491f0cd-eb14-4992-be4c-53a1adf1d314'------NOK

3. After removing dac line from xml(<seclabel type='dynamic' model='dac' relabel='yes'/>) VM started fine
#virsh start virt-tests-vm1
Domain virt-tests-vm1 started

Userspace tool common name: ii libvirt-bin 2.1.0-1ubuntu5 ppc64el programs for the libvirt library

The userspace tool has the following bit modes: both

Userspace package: ii libvirt-bin 2.1.0-1ubuntu5 ppc64el programs for the libvirt library