There appears to be some type of apparmor profile issue between libvirt and xenner. Xenner is expected to be a valid emulator callable by libvirt.
Here's what I see even after unloading apparmor:
+ apparmor_status
apparmor module is loaded.
0 profiles are loaded.
0 profiles are in enforce mode.
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode :
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
+ virsh start Ubuntu-domU-x86-1
Connecting to uri: qemu:///system
error: Failed to start domain Ubuntu-domU-x86-1
error: internal error unable to start guest: libvir: error : cannot execute binary /usr/bin/xenner: Permission denied
+ tail /var/log/kern.log
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.595329] type=1505 audit(1260901134.725:32): operation="profile_load" pid=13204 name=libvirt-74367128-9bd6-3264-3833-f661c47b464e
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.598647] device vnet0 entered promiscuous mode
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.599664] br0: port 2(vnet0) entering learning state
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.600812] type=1503 audit(1260901134.735:33): operation="exec" pid=13208 parent=13207 profile="libvirt-74367128-9bd6-3264-3833-f661c47b464e" requested_mask="x::" denied_mask="x::" fsuid=0 ouid=0 name="/usr/bin/xenner"
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.644365] br0: port 2(vnet0) entering disabled state
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.683450] device vnet0 left promiscuous mode
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.683454] br0: port 2(vnet0) entering disabled state
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.828181] type=1505 audit(1260901134.957:34): operation="profile_remove" pid=13210 name=libvirt-74367128-9bd6-3264-3833-f661c47b464e namespace=default
Even with apparmor unloaded the kernel still loads a profile, denies access and then removes the profile. Maybe this is some type of apparmor bug or a kernel bug. Or maybe there needs to be an apparmor profile setting in the xenner package.
There appears to be some type of apparmor profile issue between libvirt and xenner. Xenner is expected to be a valid emulator callable by libvirt.
Here's what I see even after unloading apparmor:
+ apparmor_status
apparmor module is loaded.
0 profiles are loaded.
0 profiles are in enforce mode.
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode :
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
+ virsh start Ubuntu-domU-x86-1
Connecting to uri: qemu:///system
error: Failed to start domain Ubuntu-domU-x86-1
error: internal error unable to start guest: libvir: error : cannot execute binary /usr/bin/xenner: Permission denied
+ tail /var/log/kern.log 4.725:32) : operation= "profile_ load" pid=13204 name=libvirt- 74367128- 9bd6-3264- 3833-f661c47b46 4e 4.735:33) : operation="exec" pid=13208 parent=13207 profile= "libvirt- 74367128- 9bd6-3264- 3833-f661c47b46 4e" requested_ mask="x: :" denied_mask="x::" fsuid=0 ouid=0 name="/ usr/bin/ xenner" 4.957:34) : operation= "profile_ remove" pid=13210 name=libvirt- 74367128- 9bd6-3264- 3833-f661c47b46 4e namespace=default
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.595329] type=1505 audit(126090113
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.598647] device vnet0 entered promiscuous mode
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.599664] br0: port 2(vnet0) entering learning state
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.600812] type=1503 audit(126090113
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.644365] br0: port 2(vnet0) entering disabled state
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.683450] device vnet0 left promiscuous mode
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.683454] br0: port 2(vnet0) entering disabled state
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.828181] type=1505 audit(126090113
Even with apparmor unloaded the kernel still loads a profile, denies access and then removes the profile. Maybe this is some type of apparmor bug or a kernel bug. Or maybe there needs to be an apparmor profile setting in the xenner package.