Comment 23 for bug 496654

Gerry Reno (greno-verizon) wrote :

There appears to be some type of apparmor profile issue between libvirt and xenner. Xenner is expected to be a valid emulator callable by libvirt.

Here's what I see even after unloading apparmor:

+ apparmor_status
apparmor module is loaded.
0 profiles are loaded.
0 profiles are in enforce mode.
0 profiles are in complain mode.
0 processes have profiles defined.
0 processes are in enforce mode :
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.

+ virsh start Ubuntu-domU-x86-1
Connecting to uri: qemu:///system
error: Failed to start domain Ubuntu-domU-x86-1
error: internal error unable to start guest: libvir: error : cannot execute binary /usr/bin/xenner: Permission denied

+ tail /var/log/kern.log
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.595329] type=1505 audit(1260901134.725:32): operation="profile_load" pid=13204 name=libvirt-74367128-9bd6-3264-3833-f661c47b464e
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.598647] device vnet0 entered promiscuous mode
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.599664] br0: port 2(vnet0) entering learning state
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.600812] type=1503 audit(1260901134.735:33): operation="exec" pid=13208 parent=13207 profile="libvirt-74367128-9bd6-3264-3833-f661c47b464e" requested_mask="x::" denied_mask="x::" fsuid=0 ouid=0 name="/usr/bin/xenner"
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.644365] br0: port 2(vnet0) entering disabled state
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.683450] device vnet0 left promiscuous mode
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.683454] br0: port 2(vnet0) entering disabled state
Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.828181] type=1505 audit(1260901134.957:34): operation="profile_remove" pid=13210 name=libvirt-74367128-9bd6-3264-3833-f661c47b464e namespace=default

Even with apparmor unloaded the kernel still loads a profile, denies access and then removes the profile. Maybe this is some type of apparmor bug or a kernel bug. Or maybe there needs to be an apparmor profile setting in the xenner package.
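As an added example (not part of the bug report or of libvirt), a small Python parser for the three AppArmor audit records quoted above: it correlates the dynamically loaded per-domain libvirt profile with the exec denial logged while that profile was active, which is the pattern a defender would look for in kern.log to tie a "Permission denied" on an emulator binary back to the profile that denied it. The audit field names are those shown in the log; the helper names and the sample list are my own.

```python
import re
from collections import defaultdict

# The three AppArmor audit records from the kern.log excerpt above.
SAMPLE_LOG = [
    'Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.595329] type=1505 audit(1260901134.725:32): '
    'operation="profile_load" pid=13204 name=libvirt-74367128-9bd6-3264-3833-f661c47b464e',
    'Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.600812] type=1503 audit(1260901134.735:33): '
    'operation="exec" pid=13208 parent=13207 profile="libvirt-74367128-9bd6-3264-3833-f661c47b464e" '
    'requested_mask="x::" denied_mask="x::" fsuid=0 ouid=0 name="/usr/bin/xenner"',
    'Dec 15 13:18:54 grp-01-23-02 kernel: [ 5147.828181] type=1505 audit(1260901134.957:34): '
    'operation="profile_remove" pid=13210 name=libvirt-74367128-9bd6-3264-3833-f661c47b464e namespace=default',
]

# type=1505 records are profile load/remove events; type=1503 records are
# access decisions (a denial here). Field values may be bare or double-quoted.
_AUDIT = re.compile(r'type=(\d+) audit\([\d.]+:\d+\): (.*)$')
_KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_audit(line):
    """Return (audit_type, fields) for an AppArmor audit line, or None."""
    m = _AUDIT.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in _KV.findall(m.group(2))}
    return int(m.group(1)), fields

def libvirt_exec_denials(lines):
    """Map each libvirt per-domain profile to the binaries whose exec it
    denied while loaded, so the denial can be tied to the domain start."""
    loaded = set()
    denials = defaultdict(list)
    for line in lines:
        rec = parse_audit(line)
        if rec is None:
            continue
        atype, f = rec
        op = f.get("operation")
        if atype == 1505 and op == "profile_load":
            loaded.add(f["name"])
        elif atype == 1505 and op == "profile_remove":
            loaded.discard(f["name"])
        elif atype == 1503 and op == "exec" and "x" in f.get("denied_mask", ""):
            prof = f.get("profile", "")
            if prof.startswith("libvirt-") and prof in loaded:
                denials[prof].append(f["name"])
    return dict(denials)

if __name__ == "__main__":
    for prof, binaries in libvirt_exec_denials(SAMPLE_LOG).items():
        print(f"{prof}: exec denied for {', '.join(binaries)}")
```

Because the profile is loaded and removed around each domain start, `apparmor_status` run in between shows nothing; the audit records are the only durable evidence.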