Comment 0 for bug 1990499

Isaac True (itrue) wrote :

I am trying to adapt the guide to booting the riscv64 QEMU image from https://wiki.ubuntu.com/RISC-V to work with libvirt, but I'm running into an AppArmor issue:

Sep 22 11:07:06 Isaac-Laptop libvirtd[6243]: internal error: Child process (LIBVIRT_LOG_OUTPUTS=3:stderr /usr/lib/libvirt/virt-aa-helper -r -u libvirt-86ff0d62-f2fc-4f21-b84a-dc8c3e8097ff) unexpected exit status 1: 2022-09-22 09:07:06.069+0000: 3456675: info : libvirt version: 8.0.0, package: 1ubuntu7.1 (Christian Ehrhardt <email address hidden> Thu, 19 May 2022 08:14:48 +0200)#0122022-09-22 09:07:06.069+0000: 3456675: info : hostname: Isaac-Laptop#0122022-09-22 09:07:06.069+0000: 3456675: error : virStorageFileBackendFileRead:109 : Failed to open file '/dev/zvol/rpool/vm/ubuntu-22.04-riscv64': Permission denied#012virt-aa-helper: error: /usr/lib/u-boot/qemu-riscv64_smode/uboot.elf#012virt-aa-helper: error: skipped restricted file#012virt-aa-helper: error: invalid VM definition

This seems to be caused by the U-Boot path not being permitted by AppArmor to be used by libvirt.

I'm using the following XML snippet for setting the loader and kernel (adapted from the QEMU instructions):

  <os>
    <type arch="riscv64" machine="virt">hvm</type>
    <loader readonly="yes" type="rom">/usr/lib/riscv64-linux-gnu/opensbi/generic/fw_jump.elf</loader>
    <kernel>/usr/lib/u-boot/qemu-riscv64_smode/uboot.elf</kernel>
  </os>

Moving the U-Boot binary to /var/tmp/uboot.elf resolves this issue, but libvirt then generates another AppArmor error due to the fw_jump.elf file:

Sep 22 11:12:09 Isaac-Laptop libvirtd[6243]: internal error: Child process (LIBVIRT_LOG_OUTPUTS=3:stderr /usr/lib/libvirt/virt-aa-helper -r -u libvirt-86ff0d62-f2fc-4f21-b84a-dc8c3e8097ff) unexpected exit status 1: 2022-09-22 09:12:09.664+0000: 3461255: info : libvirt version: 8.0.0, package: 1ubuntu7.1 (Christian Ehrhardt <email address hidden> Thu, 19 May 2022 08:14:48 +0200)#0122022-09-22 09:12:09.664+0000: 3461255: info : hostname: Isaac-Laptop#0122022-09-22 09:12:09.664+0000: 3461255: error : virStorageFileBackendFileRead:109 : Failed to open file '/dev/zvol/rpool/vm/ubuntu-22.04-riscv64': Permission denied#012virt-aa-helper: error: /usr/lib/riscv64-linux-gnu/opensbi/generic/fw_jump.elf#012virt-aa-helper: error: skipped restricted file#012virt-aa-helper: error: invalid VM definition

Moving this to /var/tmp/fw_jump.elf also resolves this issue and allows the VM to boot.

Should these two file paths be added to the AppArmor rules? Maybe the equivalent paths for all architectures should be added?

---

$ lsb_release -rd
Description: Ubuntu 22.04.1 LTS
Release: 22.04

$ apt policy libvirt0
libvirt0:
  Installed: 8.0.0-1ubuntu7.1
  Candidate: 8.0.0-1ubuntu7.1
  Version table:
 *** 8.0.0-1ubuntu7.1 500
        500 http://de.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     8.0.0-1ubuntu7 500
        500 http://de.archive.ubuntu.com/ubuntu jammy/main amd64 Packages
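
Added example, not part of the original comment and not libvirt code: a small triage helper that unpacks a libvirtd log line like the ones quoted above, where the embedded newlines appear as #012 (octal 012 is LF), and reports which paths virt-aa-helper skipped as restricted. The names `triage` and `SAMPLE` are hypothetical, and the sample line is shortened from the first log message in the comment.

```python
import re

# In the quoted log, virt-aa-helper's multi-line stderr is folded into one
# line with each newline written as "#012" (octal 012 = LF).
ESCAPED_NEWLINE = "#012"
HELPER_ERR = re.compile(r"^virt-aa-helper: error: (.*)$")
OPEN_FAIL = re.compile(r"Failed to open file '([^']+)': (.+)$")

# Constructed sample: the first log line from the comment, with the child
# process command line and the "info" records elided.
SAMPLE = (
    "Sep 22 11:07:06 Isaac-Laptop libvirtd[6243]: internal error: Child process "
    "(...) unexpected exit status 1: 2022-09-22 09:07:06.069+0000: 3456675: "
    "error : virStorageFileBackendFileRead:109 : Failed to open file "
    "'/dev/zvol/rpool/vm/ubuntu-22.04-riscv64': Permission denied"
    "#012virt-aa-helper: error: /usr/lib/u-boot/qemu-riscv64_smode/uboot.elf"
    "#012virt-aa-helper: error: skipped restricted file"
    "#012virt-aa-helper: error: invalid VM definition"
)


def triage(log_line):
    """Return the distinct findings carried by one folded libvirtd log line."""
    result = {"restricted": [], "open_failed": [], "invalid_definition": False}
    previous = None  # last virt-aa-helper error text, if the prior record was one
    for record in log_line.split(ESCAPED_NEWLINE):
        opened = OPEN_FAIL.search(record)
        if opened:
            result["open_failed"].append((opened.group(1), opened.group(2)))
        helper = HELPER_ERR.match(record.strip())
        if not helper:
            previous = None
            continue
        message = helper.group(1)
        # The helper prints the offending path first, then the reason.
        if message == "skipped restricted file" and previous:
            result["restricted"].append(previous)
        elif message == "invalid VM definition":
            result["invalid_definition"] = True
        previous = message
    return result


if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Run over the sample, this lists the zvol open failure separately from the restricted U-Boot path, so the two conditions in the same log line can be followed up independently.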