Comment 0 for bug 1962035

Katerina Koukiou (k-koukiou) wrote :

# lsb_release -rd
Description: Ubuntu 21.10
Release: 21.10

Package: apparmor
Version: 3.0.3-0ubuntu1

Package: virtinst
Version: 1:3.2.0-3

When trying to re-install an existing VM with UEFI boot set up using the
recently introduced `--reinstall` option, AppArmor makes the installation
fail with the following error:

Could not open '/var/lib/libvirt/qemu/nvram/test_VARS.fd': Permission denied

Steps to reproduce:

Create a VM:

root@ubuntu:~# virt-install --connect qemu:///system --quiet --os-variant fedora28 --memory 1024 --name test --wait -1 --disk size=1,format=qcow2 --print-xml 1 > /tmp/test1.xml

Edit the VM configuration to enable automatic UEFI boot by changing the
<os> as follows:

- <os>

+ <os firmware='efi'>

Define the VM:

root@ubuntu:~# virsh define /tmp/test1.xml

Start VM installation:

root@ubuntu:~# virt-install --connect qemu:///system --reinstall test --wait -1 --noautoconsole --cdrom /var/lib/libvirt/novell.iso --autostart
WARNING No operating system detected, VM performance may suffer. Specify an OS with --os-variant for optimal results.

Starting install...
ERROR internal error: process exited while connecting to monitor: 2022-02-23T18:56:54.738510Z qemu-system-x86_64: -blockdev {"driver":"file","filename":"/var/lib/libvirt/qemu/nvram/test_VARS.fd","node-name":"libvirt-pflash1-storage","auto-read-only":true,"discard":"unmap"}: Could not open '/var/lib/libvirt/qemu/nvram/test_VARS.fd': Permission denied
Domain installation does not appear to have been successful.
If it was, you can restart your domain by running:
  virsh --connect qemu:///system start test
otherwise, please restart your installation.

Expected behavior:

VM installation will start without an AppArmor error.

Actual behavior:

The above denial happens:

Feb 23 18:56:54 ubuntu audit[4420]: AVC apparmor="DENIED" operation="open" profile="libvirt-bdd92fa6-6030-4980-951c-2a52ec7e406c" name="/var/lib/libvirt/qemu/nvram/test_VARS.fd" pid=4420 comm="qemu-system-x86" requested_mask="r" denied_m>

and stops the installation.
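
For triaging denials like the one quoted above, here is an added example (not part of the original report, nor libvirt or AppArmor tooling) that parses AppArmor audit lines, tolerates a field cut off by the pager as in `denied_m>`, and groups denials by profile and path. The function names and the second sample line are constructed for illustration; treating a trailing `>` as the truncation marker is an assumption.

```python
import re
from collections import defaultdict

# Constructed sample input: the first line is the denial quoted in the report
# (cut off at "denied_m>"); the second line is made up for contrast.
SAMPLE_LOG = """\
Feb 23 18:56:54 ubuntu audit[4420]: AVC apparmor="DENIED" operation="open" profile="libvirt-bdd92fa6-6030-4980-951c-2a52ec7e406c" name="/var/lib/libvirt/qemu/nvram/test_VARS.fd" pid=4420 comm="qemu-system-x86" requested_mask="r" denied_m>
Feb 23 18:57:01 ubuntu audit[4431]: AVC apparmor="ALLOWED" operation="open" profile="example" name="/tmp/x" pid=4431 comm="cat" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

# key="quoted value" or key=bare; a field cut off mid-key or mid-value never matches.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s">]+))')
LIBVIRT_PROFILE_RE = re.compile(r'^libvirt-([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$')


def parse_avc(line):
    """Return the key/value fields of one AppArmor audit line, or None."""
    if 'apparmor="' not in line:
        return None
    fields = {}
    for key, quoted, bare in FIELD_RE.findall(line):
        fields[key] = quoted or bare
    # Assumption: a trailing '>' means the viewer cut the line short.
    fields["truncated"] = line.rstrip().endswith(">")
    return fields


def summarize_denials(log_text):
    """Group DENIED events by (profile, path) and merge the requested masks."""
    summary = defaultdict(lambda: {"masks": set(), "count": 0, "domain_uuid": None, "truncated": False})
    for line in log_text.splitlines():
        rec = parse_avc(line)
        if not rec or rec.get("apparmor") != "DENIED":
            continue
        entry = summary[(rec.get("profile"), rec.get("name"))]
        entry["count"] += 1
        entry["masks"].update(rec.get("requested_mask", ""))
        entry["truncated"] |= rec["truncated"]
        m = LIBVIRT_PROFILE_RE.match(rec.get("profile", ""))
        if m:  # per-domain profile: the suffix is the libvirt domain UUID
            entry["domain_uuid"] = m.group(1)
    return dict(summary)


if __name__ == "__main__":
    for (profile, path), info in summarize_denials(SAMPLE_LOG).items():
        print(profile, path, "".join(sorted(info["masks"])), info)
```

The recovered UUID can be compared with the output of `virsh domuuid test` to confirm which domain's per-VM profile lacks access to the NVRAM file.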