| 2017-04-20 07:59:30 |
Christian Ehrhardt |
bug |
|
|
added bug |
| 2017-04-20 07:59:41 |
Christian Ehrhardt |
tags |
|
regression-proposed |
|
| 2017-04-20 07:59:55 |
Christian Ehrhardt |
bug task added |
|
apparmor (Ubuntu) |
|
| 2017-04-20 08:00:12 |
Christian Ehrhardt |
bug task added |
|
lxd (Ubuntu) |
|
| 2017-04-20 08:00:13 |
Brad Figg |
linux (Ubuntu): status |
New |
Incomplete |
|
| 2017-04-20 15:38:46 |
Joseph Salisbury |
tags |
regression-proposed |
kernel-da-key regression-proposed |
|
| 2017-04-20 15:39:34 |
Joseph Salisbury |
linux (Ubuntu): importance |
Undecided |
Medium |
|
| 2017-04-20 15:54:14 |
Christian Ehrhardt |
tags |
kernel-da-key regression-proposed |
apport-collected kernel-da-key regression-proposed uec-images xenial |
|
| 2017-04-20 15:54:16 |
Christian Ehrhardt |
description |
Setup:
- Xenial host
- lxd guests with Trusty, Xenial, ...
- add a LXD profile to allow kvm [3] (inspired by stgraber)
- spawn KVM guests in the LXD guests using the different distro release versions
- guests are based on the uvtool default template which has a serial console [4]
Issue:
- guest starting with serial device gets blocked by apparmor and killed on creation
- This affects at least ppc64el and x86 (s390x has no serial concept that would match)
- This appeared in our usual checks on -proposed releases so maybe we can/should stop something?
Last good was "Apr 5, 2017 10:40:50 AM" first bad one "Apr 8, 2017 5:11:22 AM"
Background:
We use this setup for a while and it was working without a change on our end.
Also the fact that it still works in the Trusty LXD makes it somewhat suspicious.
Therefore I'd assume an SRUed change in LXD/Kernel/Apparmor might be the reason and open this bug to get your opinion on it.
You can look into [1] and search for uvt-kvm create in it.
Deny in dmesg:
[652759.606218] audit: type=1400 audit(1492671353.134:4520): apparmor="DENIED" operation="open" namespace="root//lxd-testkvm-xenial-from_<var-lib-lxd>" profile="libvirt-668e21f1-fa55-4a30-b325-0ed5cfd55e5b" name="/dev/pts/ptmx" pid=27162 comm="qemu-system-ppc" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
Qemu-log:
2017-04-20T06:55:53.139450Z qemu-system-ppc64: -chardev pty,id=charserial0: Failed to create PTY: No such file or directory
There was a similar issue on qmeu namespacing (which we don't use on any of these releases) [2].
While we surely don't have the "same" issue the debugging on the namespacing might be worth as it could be related.
Workaround for now:
- drop serial section from guest xml
[1]: https://jenkins.ubuntu.com/server/view/Virt/job/virt-migration-cross-release-amd64/78/consoleFull
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1421036
[3]: https://git.launchpad.net/~ubuntu-server/ubuntu/+source/qemu-migration-test/tree/kvm_profile.yaml
[4]: https://libvirt.org/formatdomain.html#elementsCharPTY |
Setup:
- Xenial host
- lxd guests with Trusty, Xenial, ...
- add a LXD profile to allow kvm [3] (inspired by stgraber)
- spawn KVM guests in the LXD guests using the different distro release versions
- guests are based on the uvtool default template which has a serial console [4]
Issue:
- guest starting with serial device gets blocked by apparmor and killed on creation
- This affects at least ppc64el and x86 (s390x has no serial concept that would match)
- This appeared in our usual checks on -proposed releases so maybe we can/should stop something?
Last good was "Apr 5, 2017 10:40:50 AM" first bad one "Apr 8, 2017 5:11:22 AM"
Background:
We use this setup for a while and it was working without a change on our end.
Also the fact that it still works in the Trusty LXD makes it somewhat suspicious.
Therefore I'd assume an SRUed change in LXD/Kernel/Apparmor might be the reason and open this bug to get your opinion on it.
You can look into [1] and search for uvt-kvm create in it.
Deny in dmesg:
[652759.606218] audit: type=1400 audit(1492671353.134:4520): apparmor="DENIED" operation="open" namespace="root//lxd-testkvm-xenial-from_<var-lib-lxd>" profile="libvirt-668e21f1-fa55-4a30-b325-0ed5cfd55e5b" name="/dev/pts/ptmx" pid=27162 comm="qemu-system-ppc" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
Qemu-log:
2017-04-20T06:55:53.139450Z qemu-system-ppc64: -chardev pty,id=charserial0: Failed to create PTY: No such file or directory
There was a similar issue on qmeu namespacing (which we don't use on any of these releases) [2].
While we surely don't have the "same" issue the debugging on the namespacing might be worth as it could be related.
Workaround for now:
- drop serial section from guest xml
[1]: https://jenkins.ubuntu.com/server/view/Virt/job/virt-migration-cross-release-amd64/78/consoleFull
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1421036
[3]: https://git.launchpad.net/~ubuntu-server/ubuntu/+source/qemu-migration-test/tree/kvm_profile.yaml
[4]: https://libvirt.org/formatdomain.html#elementsCharPTY
---
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: ppc64el
DistroRelease: Ubuntu 16.04
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
Package: lxd
PackageArchitecture: ppc64el
ProcKernelCmdline: root=UUID=902eaad1-2164-4f9a-bec4-7ff3abc15804 ro console=hvc0
ProcLoadAvg: 3.15 3.02 3.83 1/3056 79993
ProcSwaps:
Filename Type Size Used Priority
/swap.img file 8388544 0 -1
ProcVersion: Linux version 4.4.0-72-generic (buildd@bos01-ppc64el-022) (gcc version 5.4.0 20160609 (Ubuntu/IBM 5.4.0-6ubuntu1~16.04.4) ) #93-Ubuntu SMP Fri Mar 31 14:05:15 UTC 2017
ProcVersionSignature: Ubuntu 4.4.0-72.93-generic 4.4.49
Syslog:
Tags: xenial uec-images
Uname: Linux 4.4.0-72-generic ppc64le
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: utah
_MarkForUpload: True
cpu_cores: Number of cores present = 20
cpu_coreson: Number of cores online = 20
cpu_smt: SMT is off |
|
| 2017-04-20 15:54:17 |
Christian Ehrhardt |
attachment added |
|
.sys.firmware.opal.msglog.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865567/+files/.sys.firmware.opal.msglog.txt |
|
| 2017-04-20 15:54:19 |
Christian Ehrhardt |
attachment added |
|
ApparmorPackages.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865568/+files/ApparmorPackages.txt |
|
| 2017-04-20 15:54:20 |
Christian Ehrhardt |
attachment added |
|
ApparmorStatusOutput.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865569/+files/ApparmorStatusOutput.txt |
|
| 2017-04-20 15:54:22 |
Christian Ehrhardt |
attachment added |
|
Dependencies.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865570/+files/Dependencies.txt |
|
| 2017-04-20 15:54:24 |
Christian Ehrhardt |
attachment added |
|
JournalErrors.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865571/+files/JournalErrors.txt |
|
| 2017-04-20 15:54:26 |
Christian Ehrhardt |
attachment added |
|
KernLog.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865572/+files/KernLog.txt |
|
| 2017-04-20 15:54:27 |
Christian Ehrhardt |
attachment added |
|
ProcEnviron.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865573/+files/ProcEnviron.txt |
|
| 2017-04-20 15:54:28 |
Christian Ehrhardt |
attachment added |
|
ProcLocks.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865574/+files/ProcLocks.txt |
|
| 2017-04-20 15:54:30 |
Christian Ehrhardt |
attachment added |
|
ProcMisc.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865575/+files/ProcMisc.txt |
|
| 2017-04-20 15:54:31 |
Christian Ehrhardt |
attachment added |
|
ProcPpc64.tar.gz https://bugs.launchpad.net/bugs/1684481/+attachment/4865576/+files/ProcPpc64.tar.gz |
|
| 2017-04-20 15:54:33 |
Christian Ehrhardt |
attachment added |
|
PstreeP.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865577/+files/PstreeP.txt |
|
| 2017-04-20 16:08:15 |
Christian Ehrhardt |
description |
Setup:
- Xenial host
- lxd guests with Trusty, Xenial, ...
- add a LXD profile to allow kvm [3] (inspired by stgraber)
- spawn KVM guests in the LXD guests using the different distro release versions
- guests are based on the uvtool default template which has a serial console [4]
Issue:
- guest starting with serial device gets blocked by apparmor and killed on creation
- This affects at least ppc64el and x86 (s390x has no serial concept that would match)
- This appeared in our usual checks on -proposed releases so maybe we can/should stop something?
Last good was "Apr 5, 2017 10:40:50 AM" first bad one "Apr 8, 2017 5:11:22 AM"
Background:
We use this setup for a while and it was working without a change on our end.
Also the fact that it still works in the Trusty LXD makes it somewhat suspicious.
Therefore I'd assume an SRUed change in LXD/Kernel/Apparmor might be the reason and open this bug to get your opinion on it.
You can look into [1] and search for uvt-kvm create in it.
Deny in dmesg:
[652759.606218] audit: type=1400 audit(1492671353.134:4520): apparmor="DENIED" operation="open" namespace="root//lxd-testkvm-xenial-from_<var-lib-lxd>" profile="libvirt-668e21f1-fa55-4a30-b325-0ed5cfd55e5b" name="/dev/pts/ptmx" pid=27162 comm="qemu-system-ppc" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
Qemu-log:
2017-04-20T06:55:53.139450Z qemu-system-ppc64: -chardev pty,id=charserial0: Failed to create PTY: No such file or directory
There was a similar issue on qmeu namespacing (which we don't use on any of these releases) [2].
While we surely don't have the "same" issue the debugging on the namespacing might be worth as it could be related.
Workaround for now:
- drop serial section from guest xml
[1]: https://jenkins.ubuntu.com/server/view/Virt/job/virt-migration-cross-release-amd64/78/consoleFull
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1421036
[3]: https://git.launchpad.net/~ubuntu-server/ubuntu/+source/qemu-migration-test/tree/kvm_profile.yaml
[4]: https://libvirt.org/formatdomain.html#elementsCharPTY
---
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: ppc64el
DistroRelease: Ubuntu 16.04
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
Package: lxd
PackageArchitecture: ppc64el
ProcKernelCmdline: root=UUID=902eaad1-2164-4f9a-bec4-7ff3abc15804 ro console=hvc0
ProcLoadAvg: 3.15 3.02 3.83 1/3056 79993
ProcSwaps:
Filename Type Size Used Priority
/swap.img file 8388544 0 -1
ProcVersion: Linux version 4.4.0-72-generic (buildd@bos01-ppc64el-022) (gcc version 5.4.0 20160609 (Ubuntu/IBM 5.4.0-6ubuntu1~16.04.4) ) #93-Ubuntu SMP Fri Mar 31 14:05:15 UTC 2017
ProcVersionSignature: Ubuntu 4.4.0-72.93-generic 4.4.49
Syslog:
Tags: xenial uec-images
Uname: Linux 4.4.0-72-generic ppc64le
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: utah
_MarkForUpload: True
cpu_cores: Number of cores present = 20
cpu_coreson: Number of cores online = 20
cpu_smt: SMT is off |
Setup:
- Xenial host
- lxd guests with Trusty, Xenial, ...
- add a LXD profile to allow kvm [3] (inspired by stgraber)
- spawn KVM guests in the LXD guests using the different distro release versions
- guests are based on the uvtool default template which has a serial console [4]
Issue:
- guest starting with serial device gets blocked by apparmor and killed on creation
- This affects at least ppc64el and x86 (s390x has no serial concept that would match)
- This appeared in our usual checks on -proposed releases so maybe we can/should stop something?
Last good was "Apr 5, 2017 10:40:50 AM" first bad one "Apr 8, 2017 5:11:22 AM"
Background:
We use this setup for a while and it was working without a change on our end.
Also the fact that it still works in the Trusty LXD makes it somewhat suspicious.
Therefore I'd assume an SRUed change in LXD/Kernel/Apparmor might be the reason and open this bug to get your opinion on it.
You can look into [1] and search for uvt-kvm create in it.
Deny in dmesg:
[652759.606218] audit: type=1400 audit(1492671353.134:4520): apparmor="DENIED" operation="open" namespace="root//lxd-testkvm-xenial-from_<var-lib-lxd>" profile="libvirt-668e21f1-fa55-4a30-b325-0ed5cfd55e5b" name="/dev/pts/ptmx" pid=27162 comm="qemu-system-ppc" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
Qemu-log:
2017-04-20T06:55:53.139450Z qemu-system-ppc64: -chardev pty,id=charserial0: Failed to create PTY: No such file or directory
There was a similar issue on qmeu namespacing (which we don't use on any of these releases) [2].
While we surely don't have the "same" issue the debugging on the namespacing might be worth as it could be related.
Workaround for now:
- drop serial section from guest xml
[1]: https://jenkins.ubuntu.com/server/view/Virt/job/virt-migration-cross-release-amd64/78/consoleFull
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1421036
[3]: https://git.launchpad.net/~ubuntu-server/ubuntu/+source/qemu-migration-test/tree/kvm_profile.yaml
[4]: https://libvirt.org/formatdomain.html#elementsCharPTY
---
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: ppc64el
DistroRelease: Ubuntu 16.04
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
Package: lxd
PackageArchitecture: ppc64el
ProcKernelCmdline: root=UUID=902eaad1-2164-4f9a-bec4-7ff3abc15804 ro console=hvc0
ProcLoadAvg: 3.15 3.02 3.83 1/3056 79993
ProcSwaps:
Filename Type Size Used Priority
/swap.img file 8388544 0 -1
ProcVersion: Linux version 4.4.0-72-generic (buildd@bos01-ppc64el-022) (gcc version 5.4.0 20160609 (Ubuntu/IBM 5.4.0-6ubuntu1~16.04.4) ) #93-Ubuntu SMP Fri Mar 31 14:05:15 UTC 2017
ProcVersionSignature: Ubuntu 4.4.0-72.93-generic 4.4.49
Syslog:
Tags: xenial uec-images
Uname: Linux 4.4.0-72-generic ppc64le
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: utah
_MarkForUpload: True
cpu_cores: Number of cores present = 20
cpu_coreson: Number of cores online = 20
cpu_smt: SMT is off
---
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: ppc64el
DistroRelease: Ubuntu 16.04
NonfreeKernelModules: cfg80211 ebtable_broute ebtable_nat binfmt_misc veth nbd openvswitch vhost_net vhost macvtap macvlan xt_conntrack ipt_REJECT nf_reject_ipv4 ebtable_filter ebtables ip6t_MASQUERADE nf_nat_masquerade_ipv6 ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_filter ip6_tables xt_comment xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack xt_tcpudp bridge stp llc iptable_filter ip_tables x_tables zfs zunicode zcommon znvpair spl zavl kvm_hv kvm ipmi_powernv ipmi_msghandler uio_pdrv_genirq vmx_crypto powernv_rng ibmpowernv leds_powernv uio ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear ses enclosure mlx4_en vxlan ip6_udp_tunnel udp_tunnel mlx4_core ipr
Package: lxd
PackageArchitecture: ppc64el
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=C.UTF-8
SHELL=/bin/bash
ProcKernelCmdline: root=UUID=902eaad1-2164-4f9a-bec4-7ff3abc15804 ro console=hvc0
ProcLoadAvg: 5.56 5.25 4.60 1/3057 3526
ProcSwaps:
Filename Type Size Used Priority
none virtual 8388544 8388544 0
ProcVersion: Linux version 4.4.0-72-generic (buildd@bos01-ppc64el-022) (gcc version 5.4.0 20160609 (Ubuntu/IBM 5.4.0-6ubuntu1~16.04.4) ) #93-Ubuntu SMP Fri Mar 31 14:05:15 UTC 2017
ProcVersionSignature: Ubuntu 4.4.0-72.93-generic 4.4.49
Syslog:
Tags: xenial uec-images
Uname: Linux 4.4.0-72-generic ppc64le
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:
_MarkForUpload: True
cpu_cores: Number of cores present = 20
cpu_coreson: Number of cores online = 20
cpu_smt: SMT is off |
|
| 2017-04-20 16:08:17 |
Christian Ehrhardt |
attachment added |
|
.sys.firmware.opal.msglog.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865578/+files/.sys.firmware.opal.msglog.txt |
|
| 2017-04-20 16:08:19 |
Christian Ehrhardt |
attachment added |
|
ApparmorPackages.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865579/+files/ApparmorPackages.txt |
|
| 2017-04-20 16:08:20 |
Christian Ehrhardt |
attachment added |
|
ApparmorStatusOutput.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865580/+files/ApparmorStatusOutput.txt |
|
| 2017-04-20 16:08:22 |
Christian Ehrhardt |
attachment added |
|
Dependencies.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865581/+files/Dependencies.txt |
|
| 2017-04-20 16:08:24 |
Christian Ehrhardt |
attachment added |
|
JournalErrors.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865582/+files/JournalErrors.txt |
|
| 2017-04-20 16:08:25 |
Christian Ehrhardt |
attachment added |
|
KernLog.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865583/+files/KernLog.txt |
|
| 2017-04-20 16:08:27 |
Christian Ehrhardt |
attachment added |
|
ProcLocks.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865584/+files/ProcLocks.txt |
|
| 2017-04-20 16:08:29 |
Christian Ehrhardt |
attachment added |
|
ProcMisc.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865585/+files/ProcMisc.txt |
|
| 2017-04-20 16:08:30 |
Christian Ehrhardt |
attachment added |
|
ProcPpc64.tar.gz https://bugs.launchpad.net/bugs/1684481/+attachment/4865586/+files/ProcPpc64.tar.gz |
|
| 2017-04-20 16:08:31 |
Christian Ehrhardt |
attachment added |
|
PstreeP.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865587/+files/PstreeP.txt |
|
| 2017-04-20 16:12:25 |
Christian Ehrhardt |
description |
Setup:
- Xenial host
- lxd guests with Trusty, Xenial, ...
- add a LXD profile to allow kvm [3] (inspired by stgraber)
- spawn KVM guests in the LXD guests using the different distro release versions
- guests are based on the uvtool default template which has a serial console [4]
Issue:
- guest starting with serial device gets blocked by apparmor and killed on creation
- This affects at least ppc64el and x86 (s390x has no serial concept that would match)
- This appeared in our usual checks on -proposed releases so maybe we can/should stop something?
Last good was "Apr 5, 2017 10:40:50 AM" first bad one "Apr 8, 2017 5:11:22 AM"
Background:
We use this setup for a while and it was working without a change on our end.
Also the fact that it still works in the Trusty LXD makes it somewhat suspicious.
Therefore I'd assume an SRUed change in LXD/Kernel/Apparmor might be the reason and open this bug to get your opinion on it.
You can look into [1] and search for uvt-kvm create in it.
Deny in dmesg:
[652759.606218] audit: type=1400 audit(1492671353.134:4520): apparmor="DENIED" operation="open" namespace="root//lxd-testkvm-xenial-from_<var-lib-lxd>" profile="libvirt-668e21f1-fa55-4a30-b325-0ed5cfd55e5b" name="/dev/pts/ptmx" pid=27162 comm="qemu-system-ppc" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
Qemu-log:
2017-04-20T06:55:53.139450Z qemu-system-ppc64: -chardev pty,id=charserial0: Failed to create PTY: No such file or directory
There was a similar issue on qmeu namespacing (which we don't use on any of these releases) [2].
While we surely don't have the "same" issue the debugging on the namespacing might be worth as it could be related.
Workaround for now:
- drop serial section from guest xml
[1]: https://jenkins.ubuntu.com/server/view/Virt/job/virt-migration-cross-release-amd64/78/consoleFull
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1421036
[3]: https://git.launchpad.net/~ubuntu-server/ubuntu/+source/qemu-migration-test/tree/kvm_profile.yaml
[4]: https://libvirt.org/formatdomain.html#elementsCharPTY
---
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: ppc64el
DistroRelease: Ubuntu 16.04
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
Package: lxd
PackageArchitecture: ppc64el
ProcKernelCmdline: root=UUID=902eaad1-2164-4f9a-bec4-7ff3abc15804 ro console=hvc0
ProcLoadAvg: 3.15 3.02 3.83 1/3056 79993
ProcSwaps:
Filename Type Size Used Priority
/swap.img file 8388544 0 -1
ProcVersion: Linux version 4.4.0-72-generic (buildd@bos01-ppc64el-022) (gcc version 5.4.0 20160609 (Ubuntu/IBM 5.4.0-6ubuntu1~16.04.4) ) #93-Ubuntu SMP Fri Mar 31 14:05:15 UTC 2017
ProcVersionSignature: Ubuntu 4.4.0-72.93-generic 4.4.49
Syslog:
Tags: xenial uec-images
Uname: Linux 4.4.0-72-generic ppc64le
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: utah
_MarkForUpload: True
cpu_cores: Number of cores present = 20
cpu_coreson: Number of cores online = 20
cpu_smt: SMT is off
---
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: ppc64el
DistroRelease: Ubuntu 16.04
NonfreeKernelModules: cfg80211 ebtable_broute ebtable_nat binfmt_misc veth nbd openvswitch vhost_net vhost macvtap macvlan xt_conntrack ipt_REJECT nf_reject_ipv4 ebtable_filter ebtables ip6t_MASQUERADE nf_nat_masquerade_ipv6 ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_filter ip6_tables xt_comment xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack xt_tcpudp bridge stp llc iptable_filter ip_tables x_tables zfs zunicode zcommon znvpair spl zavl kvm_hv kvm ipmi_powernv ipmi_msghandler uio_pdrv_genirq vmx_crypto powernv_rng ibmpowernv leds_powernv uio ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear ses enclosure mlx4_en vxlan ip6_udp_tunnel udp_tunnel mlx4_core ipr
Package: lxd
PackageArchitecture: ppc64el
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=C.UTF-8
SHELL=/bin/bash
ProcKernelCmdline: root=UUID=902eaad1-2164-4f9a-bec4-7ff3abc15804 ro console=hvc0
ProcLoadAvg: 5.56 5.25 4.60 1/3057 3526
ProcSwaps:
Filename Type Size Used Priority
none virtual 8388544 8388544 0
ProcVersion: Linux version 4.4.0-72-generic (buildd@bos01-ppc64el-022) (gcc version 5.4.0 20160609 (Ubuntu/IBM 5.4.0-6ubuntu1~16.04.4) ) #93-Ubuntu SMP Fri Mar 31 14:05:15 UTC 2017
ProcVersionSignature: Ubuntu 4.4.0-72.93-generic 4.4.49
Syslog:
Tags: xenial uec-images
Uname: Linux 4.4.0-72-generic ppc64le
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:
_MarkForUpload: True
cpu_cores: Number of cores present = 20
cpu_coreson: Number of cores online = 20
cpu_smt: SMT is off |
Setup:
- Xenial host
- lxd guests with Trusty, Xenial, ...
- add a LXD profile to allow kvm [3] (inspired by stgraber)
- spawn KVM guests in the LXD guests using the different distro release versions
- guests are based on the uvtool default template which has a serial console [4]
Issue:
- guest starting with serial device gets blocked by apparmor and killed on creation
- This affects at least ppc64el and x86 (s390x has no serial concept that would match)
- This appeared in our usual checks on -proposed releases so maybe we can/should stop something?
Last good was "Apr 5, 2017 10:40:50 AM" first bad one "Apr 8, 2017 5:11:22 AM"
Background:
We use this setup for a while and it was working without a change on our end.
Also the fact that it still works in the Trusty LXD makes it somewhat suspicious.
Therefore I'd assume an SRUed change in LXD/Kernel/Apparmor might be the reason and open this bug to get your opinion on it.
You can look into [1] and search for uvt-kvm create in it.
Deny in dmesg:
[652759.606218] audit: type=1400 audit(1492671353.134:4520): apparmor="DENIED" operation="open" namespace="root//lxd-testkvm-xenial-from_<var-lib-lxd>" profile="libvirt-668e21f1-fa55-4a30-b325-0ed5cfd55e5b" name="/dev/pts/ptmx" pid=27162 comm="qemu-system-ppc" requested_mask="wr" denied_mask="wr" fsuid=0 ouid=0
Qemu-log:
2017-04-20T06:55:53.139450Z qemu-system-ppc64: -chardev pty,id=charserial0: Failed to create PTY: No such file or directory
There was a similar issue on qmeu namespacing (which we don't use on any of these releases) [2].
While we surely don't have the "same" issue the debugging on the namespacing might be worth as it could be related.
Workaround for now:
- drop serial section from guest xml
[1]: https://jenkins.ubuntu.com/server/view/Virt/job/virt-migration-cross-release-amd64/78/consoleFull
[2]: https://bugzilla.redhat.com/show_bug.cgi?id=1421036
[3]: https://git.launchpad.net/~ubuntu-server/ubuntu/+source/qemu-migration-test/tree/kvm_profile.yaml
[4]: https://libvirt.org/formatdomain.html#elementsCharPTY
---
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: ppc64el
DistroRelease: Ubuntu 16.04
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
Package: lxd
PackageArchitecture: ppc64el
ProcKernelCmdline: root=UUID=902eaad1-2164-4f9a-bec4-7ff3abc15804 ro console=hvc0
ProcLoadAvg: 3.15 3.02 3.83 1/3056 79993
ProcSwaps:
Filename Type Size Used Priority
/swap.img file 8388544 0 -1
ProcVersion: Linux version 4.4.0-72-generic (buildd@bos01-ppc64el-022) (gcc version 5.4.0 20160609 (Ubuntu/IBM 5.4.0-6ubuntu1~16.04.4) ) #93-Ubuntu SMP Fri Mar 31 14:05:15 UTC 2017
ProcVersionSignature: Ubuntu 4.4.0-72.93-generic 4.4.49
Syslog:
Tags: xenial uec-images
Uname: Linux 4.4.0-72-generic ppc64le
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: utah
_MarkForUpload: True
cpu_cores: Number of cores present = 20
cpu_coreson: Number of cores online = 20
cpu_smt: SMT is off
---
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: ppc64el
DistroRelease: Ubuntu 16.04
NonfreeKernelModules: cfg80211 ebtable_broute ebtable_nat binfmt_misc veth nbd openvswitch vhost_net vhost macvtap macvlan xt_conntrack ipt_REJECT nf_reject_ipv4 ebtable_filter ebtables ip6t_MASQUERADE nf_nat_masquerade_ipv6 ip6table_nat nf_conntrack_ipv6 nf_defrag_ipv6 nf_nat_ipv6 ip6table_filter ip6_tables xt_comment xt_CHECKSUM iptable_mangle ipt_MASQUERADE nf_nat_masquerade_ipv4 iptable_nat nf_conntrack_ipv4 nf_defrag_ipv4 nf_nat_ipv4 nf_nat nf_conntrack xt_tcpudp bridge stp llc iptable_filter ip_tables x_tables zfs zunicode zcommon znvpair spl zavl kvm_hv kvm ipmi_powernv ipmi_msghandler uio_pdrv_genirq vmx_crypto powernv_rng ibmpowernv leds_powernv uio ib_iser rdma_cm iw_cm ib_cm ib_sa ib_mad ib_core ib_addr iscsi_tcp libiscsi_tcp libiscsi scsi_transport_iscsi autofs4 btrfs raid10 raid456 async_raid6_recov async_memcpy async_pq async_xor async_tx xor raid6_pq libcrc32c raid1 raid0 multipath linear ses enclosure mlx4_en vxlan ip6_udp_tunnel udp_tunnel mlx4_core ipr
Package: lxd
PackageArchitecture: ppc64el
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=C.UTF-8
SHELL=/bin/bash
ProcKernelCmdline: root=UUID=902eaad1-2164-4f9a-bec4-7ff3abc15804 ro console=hvc0
ProcLoadAvg: 5.56 5.25 4.60 1/3057 3526
ProcSwaps:
Filename Type Size Used Priority
none virtual 8388544 8388544 0
ProcVersion: Linux version 4.4.0-72-generic (buildd@bos01-ppc64el-022) (gcc version 5.4.0 20160609 (Ubuntu/IBM 5.4.0-6ubuntu1~16.04.4) ) #93-Ubuntu SMP Fri Mar 31 14:05:15 UTC 2017
ProcVersionSignature: Ubuntu 4.4.0-72.93-generic 4.4.49
Syslog:
Tags: xenial uec-images
Uname: Linux 4.4.0-72-generic ppc64le
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:
_MarkForUpload: True
cpu_cores: Number of cores present = 20
cpu_coreson: Number of cores online = 20
cpu_smt: SMT is off
---
AlsaDevices:
total 0
crw-rw---- 1 root audio 116, 1 Apr 12 17:37 seq
crw-rw---- 1 root audio 116, 33 Apr 12 17:37 timer
AplayDevices: Error: [Errno 2] No such file or directory
ApportVersion: 2.20.1-0ubuntu2.5
Architecture: ppc64el
ArecordDevices: Error: [Errno 2] No such file or directory
AudioDevicesInUse: Error: command ['fuser', '-v', '/dev/snd/seq', '/dev/snd/timer'] failed with exit code 1:
DistroRelease: Ubuntu 16.04
IwConfig: Error: [Errno 2] No such file or directory
Lsusb:
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
NonfreeKernelModules: zfs zunicode zcommon znvpair zavl
Package: linux (not installed)
PciMultimedia:
ProcFB:
ProcKernelCmdLine: root=UUID=902eaad1-2164-4f9a-bec4-7ff3abc15804 ro console=hvc0
ProcLoadAvg: 6.01 5.68 4.92 1/3060 83740
ProcSwaps:
Filename Type Size Used Priority
/swap.img file 8388544 0 -1
ProcVersion: Linux version 4.4.0-72-generic (buildd@bos01-ppc64el-022) (gcc version 5.4.0 20160609 (Ubuntu/IBM 5.4.0-6ubuntu1~16.04.4) ) #93-Ubuntu SMP Fri Mar 31 14:05:15 UTC 2017
ProcVersionSignature: Ubuntu 4.4.0-72.93-generic 4.4.49
RelatedPackageVersions:
linux-restricted-modules-4.4.0-72-generic N/A
linux-backports-modules-4.4.0-72-generic N/A
linux-firmware 1.157.8
RfKill: Error: [Errno 2] No such file or directory
Tags: xenial uec-images
Uname: Linux 4.4.0-72-generic ppc64le
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups: utah
_MarkForUpload: True
cpu_cores: Number of cores present = 20
cpu_coreson: Number of cores online = 20
cpu_dscr: DSCR is 0
cpu_freq:
min: 3.691 GHz (cpu 120)
max: 3.691 GHz (cpu 8)
avg: 3.691 GHz
cpu_runmode:
Could not retrieve current diagnostics mode,
No kernel interface to firmware
cpu_smt: SMT is off |
|
| 2017-04-20 16:12:26 |
Christian Ehrhardt |
attachment added |
|
.sys.firmware.opal.msglog.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865588/+files/.sys.firmware.opal.msglog.txt |
|
| 2017-04-20 16:12:28 |
Christian Ehrhardt |
attachment added |
|
CRDA.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865589/+files/CRDA.txt |
|
| 2017-04-20 16:12:30 |
Christian Ehrhardt |
attachment added |
|
CurrentDmesg.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865590/+files/CurrentDmesg.txt |
|
| 2017-04-20 16:12:32 |
Christian Ehrhardt |
attachment added |
|
DeviceTree.tar.gz https://bugs.launchpad.net/bugs/1684481/+attachment/4865591/+files/DeviceTree.tar.gz |
|
| 2017-04-20 16:12:33 |
Christian Ehrhardt |
attachment added |
|
JournalErrors.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865592/+files/JournalErrors.txt |
|
| 2017-04-20 16:12:35 |
Christian Ehrhardt |
attachment added |
|
Lspci.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865593/+files/Lspci.txt |
|
| 2017-04-20 16:12:36 |
Christian Ehrhardt |
attachment added |
|
OpalElog.tar.gz https://bugs.launchpad.net/bugs/1684481/+attachment/4865594/+files/OpalElog.tar.gz |
|
| 2017-04-20 16:12:38 |
Christian Ehrhardt |
attachment added |
|
ProcCpuinfo.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865595/+files/ProcCpuinfo.txt |
|
| 2017-04-20 16:12:39 |
Christian Ehrhardt |
attachment added |
|
ProcEnviron.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865596/+files/ProcEnviron.txt |
|
| 2017-04-20 16:12:41 |
Christian Ehrhardt |
attachment added |
|
ProcInterrupts.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865597/+files/ProcInterrupts.txt |
|
| 2017-04-20 16:12:42 |
Christian Ehrhardt |
attachment added |
|
ProcLocks.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865598/+files/ProcLocks.txt |
|
| 2017-04-20 16:12:44 |
Christian Ehrhardt |
attachment added |
|
ProcMisc.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865599/+files/ProcMisc.txt |
|
| 2017-04-20 16:12:47 |
Christian Ehrhardt |
attachment added |
|
ProcModules.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865600/+files/ProcModules.txt |
|
| 2017-04-20 16:12:49 |
Christian Ehrhardt |
attachment added |
|
ProcPpc64.tar.gz https://bugs.launchpad.net/bugs/1684481/+attachment/4865601/+files/ProcPpc64.tar.gz |
|
| 2017-04-20 16:12:51 |
Christian Ehrhardt |
attachment added |
|
UdevDb.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865602/+files/UdevDb.txt |
|
| 2017-04-20 16:12:53 |
Christian Ehrhardt |
attachment added |
|
WifiSyslog.txt https://bugs.launchpad.net/bugs/1684481/+attachment/4865603/+files/WifiSyslog.txt |
|
| 2017-04-20 16:12:56 |
Christian Ehrhardt |
attachment added |
|
nvram.gz https://bugs.launchpad.net/bugs/1684481/+attachment/4865604/+files/nvram.gz |
|
| 2017-04-20 16:13:52 |
Christian Ehrhardt |
linux (Ubuntu): status |
Incomplete |
New |
|
| 2017-04-20 16:15:23 |
Joshua Powers |
bug |
|
|
added subscriber Joshua Powers |
| 2017-04-20 16:31:18 |
Brad Figg |
linux (Ubuntu): status |
New |
Confirmed |
|
| 2017-04-20 22:36:29 |
Stéphane Graber |
lxd (Ubuntu): status |
New |
Invalid |
|
| 2017-04-21 06:38:03 |
Christian Ehrhardt |
attachment added |
|
libvirt-92d3d720-da19-41c4-bd87-563c4ee002ce.txt https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1684481/+attachment/4865928/+files/libvirt-92d3d720-da19-41c4-bd87-563c4ee002ce.txt |
|
| 2017-04-21 06:38:19 |
Christian Ehrhardt |
attachment added |
|
libvirt-92d3d720-da19-41c4-bd87-563c4ee002ce.files https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1684481/+attachment/4865929/+files/libvirt-92d3d720-da19-41c4-bd87-563c4ee002ce.files |
|
| 2017-04-21 06:39:40 |
Christian Ehrhardt |
attachment added |
|
libvirt-qemu-abstraction https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1684481/+attachment/4865930/+files/libvirt-qemu-abstraction |
|
| 2017-04-21 06:50:30 |
Christian Ehrhardt |
lxd (Ubuntu): status |
Invalid |
New |
|
| 2017-04-21 16:52:54 |
Stéphane Graber |
lxd (Ubuntu): status |
New |
Invalid |
|
| 2017-04-21 16:53:00 |
Stéphane Graber |
bug task added |
|
lxc (Ubuntu) |
|
| 2017-04-21 16:53:07 |
Stéphane Graber |
lxc (Ubuntu): status |
New |
Triaged |
|
| 2017-04-21 16:53:09 |
Stéphane Graber |
lxc (Ubuntu): importance |
Undecided |
Wishlist |
|
| 2017-04-21 22:16:32 |
Christian Brauner |
lxc (Ubuntu): status |
Triaged |
In Progress |
|
| 2017-04-22 08:03:45 |
Christian Brauner |
lxc (Ubuntu): status |
In Progress |
Fix Committed |
|
| 2017-04-22 08:03:53 |
Christian Brauner |
lxc (Ubuntu): assignee |
|
Christian Brauner (cbrauner) |
|
| 2017-04-24 05:40:08 |
Christian Ehrhardt |
linux (Ubuntu): status |
Confirmed |
Invalid |
|
| 2017-04-24 05:40:11 |
Christian Ehrhardt |
apparmor (Ubuntu): status |
New |
Won't Fix |
|
| 2017-06-21 00:17:23 |
Nobuto Murata |
bug |
|
|
added subscriber Nobuto Murata |
| 2020-03-26 02:39:34 |
Stéphane Graber |
lxc (Ubuntu): status |
Fix Committed |
Fix Released |
|
