The failed Profile for the guest has the wrong rule:
root@ubuntu:~# grep usb /etc/apparmor.d/libvirt/libvirt-deadbeef-dead-beef-dead-beefdeadbeef.files
"/dev/bus/usb/000/000" rw,
# After upgrading to proposed no more errors while doing that.
root@ubuntu:~# apt install libvirt-daemon-system=3.6.0-1ubuntu6 libvirt-clients=3.6.0-1ubuntu6 libvirt-daemon=3.6.0-1ubuntu6 libvirt0=3.6.0-1ubuntu6
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
numad radvd auditd systemtap nfs-common zfsutils pm-utils
The following packages will be upgraded:
libvirt-clients libvirt-daemon libvirt-daemon-system libvirt0
4 upgraded, 0 newly installed, 0 to remove and 29 not upgraded.
Need to get 4058 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu artful-proposed/main amd64 libvirt-daemon-system amd64 3.6.0-1ubuntu6 [78.5 kB]
Get:2 http://archive.ubuntu.com/ubuntu artful-proposed/main amd64 libvirt-clients amd64 3.6.0-1ubuntu6 [587 kB]
Get:3 http://archive.ubuntu.com/ubuntu artful-proposed/main amd64 libvirt-daemon amd64 3.6.0-1ubuntu6 [2149 kB]
Get:4 http://archive.ubuntu.com/ubuntu artful-proposed/main amd64 libvirt0 amd64 3.6.0-1ubuntu6 [1243 kB]
Fetched 4058 kB in 1s (3440 kB/s)
Preconfiguring packages ...
(Reading database ... 149517 files and directories currently installed.)
Preparing to unpack .../libvirt-daemon-system_3.6.0-1ubuntu6_amd64.deb ...
Unpacking libvirt-daemon-system (3.6.0-1ubuntu6) over (3.6.0-1ubuntu5) ...
Preparing to unpack .../libvirt-clients_3.6.0-1ubuntu6_amd64.deb ...
Unpacking libvirt-clients (3.6.0-1ubuntu6) over (3.6.0-1ubuntu5) ...
Preparing to unpack .../libvirt-daemon_3.6.0-1ubuntu6_amd64.deb ...
Unpacking libvirt-daemon (3.6.0-1ubuntu6) over (3.6.0-1ubuntu5) ...
Preparing to unpack .../libvirt0_3.6.0-1ubuntu6_amd64.deb ...
Unpacking libvirt0:amd64 (3.6.0-1ubuntu6) over (3.6.0-1ubuntu5) ...
Processing triggers for ureadahead (0.100.0-20) ...
Setting up libvirt0:amd64 (3.6.0-1ubuntu6) ...
Setting up libvirt-daemon (3.6.0-1ubuntu6) ...
Processing triggers for libc-bin (2.26-0ubuntu2) ...
Processing triggers for systemd (234-2ubuntu12) ...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up libvirt-clients (3.6.0-1ubuntu6) ...
Setting up libvirt-daemon-system (3.6.0-1ubuntu6) ...
Installing new version of config file /etc/apparmor.d/abstractions/libvirt-qemu ...
virtlockd.service is a disabled or a static unit, not starting it.
Setting up libvirt-daemon dnsmasq configuration.
root@ubuntu:~#
root@ubuntu:~#
root@ubuntu:~# virsh list --all
Id Name State
----------------------------------------------------
- testguest shut off
root@ubuntu:~# virsh start testguest
Domain testguest started
The rule is correct now:
root@ubuntu:~# grep usb /etc/apparmor.d/libvirt/libvirt-deadbeef-dead-beef-dead-beefdeadbeef.files
"/dev/bus/usb/002/010" rw,
=> Verified
Note: since you likely came here for having issues with USB passthrough. While working on this I found related issues, please check the following bugs to be sure you not just have to add a config or so:
- bug 1727311
- bug 1727313
Use a guest XML that already combines the USB Hostdev in it.
# cat testguest.xml testguest< /name> deadbeef- dead-beef- dead-beefdeadbe ef</uuid> >1024</ memory> 'static' >1</vcpu> 'pc-i440fx- zesty'> hvm</type>
<emulator> /usr/bin/ kvm-spice< /emulator> var/lib/ libvirt/ images/ A.img'/ >
<product id='0x0825'/>
<domain type='kvm'>
<name>
<uuid>
<memory unit='KiB'
<vcpu placement=
<os>
<type arch='x86_64' machine=
<boot dev='hd'/>
</os>
<features>
<acpi/>
<apic/>
<pae/>
</features>
<devices>
<disk type='file' device='disk'>
<driver name='qemu'/>
<source file='/
<target dev='vda'/>
</disk>
<hostdev mode='subsystem' type='usb' managed='yes'>
<source>
<vendor id='0x046d'/>
</source>
</hostdev>
</devices>
<seclabel type='dynamic' model='apparmor' relabel='yes'/>
</domain>
root@ubuntu:~# virsh define testguest.xml
Domain testguest defined from testguest.xml
root@ubuntu:~# virsh start testguest :ECX.svm [bit 2] 25T10:31: 34.412297Z qemu-system-x86_64: -device usb-host, hostbus= 2,hostaddr= 10,id=hostdev0, bus=usb. 0,port= 1: failed to find host usb device 2:10
error: Failed to start domain testguest
error: internal error: process exited while connecting to monitor: warning: host doesn't support requested feature: CPUID.80000001H
2017-10-
Along that there are Apparmor denials: 4.409:129) : apparmor="DENIED" operation="open" profile= "libvirt- deadbeef- dead-beef- dead-beefdeadbe ef" name="/ run/udev/ data/c189: 133" pid=9571 comm="qemu- system- x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 4.409:132) : apparmor="DENIED" operation="open" profile= "libvirt- deadbeef- dead-beef- dead-beefdeadbe ef" name="/ run/udev/ data/c189: 256" pid=9571 comm="qemu- system- x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 4.410:135) : apparmor="DENIED" operation="open" profile= "libvirt- deadbeef- dead-beef- dead-beefdeadbe ef" name="/ run/udev/ data/c189: 129" pid=9571 comm="qemu- system- x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 4.410:137) : apparmor="DENIED" operation="open" profile= "libvirt- deadbeef- dead-beef- dead-beefdeadbe ef" name="/ run/udev/ data/c189: 0" pid=9571 comm="qemu- system- x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
[ 2260.676741] audit: type=1400 audit(150892749
[ 2260.677046] audit: type=1400 audit(150892749
[ 2260.677424] audit: type=1400 audit(150892749
[ 2260.677733] audit: type=1400 audit(150892749
The failed Profile for the guest has the wrong rule: d/libvirt/ libvirt- deadbeef- dead-beef- dead-beefdeadbe ef.files bus/usb/ 000/000" rw,
root@ubuntu:~# grep usb /etc/apparmor.
"/dev/
# After upgrading to proposed no more errors while doing that.
root@ubuntu:~# apt install libvirt- daemon- system= 3.6.0-1ubuntu6 libvirt- clients= 3.6.0-1ubuntu6 libvirt- daemon= 3.6.0-1ubuntu6 libvirt0= 3.6.0-1ubuntu6 daemon- system libvirt0 archive. ubuntu. com/ubuntu artful- proposed/ main amd64 libvirt- daemon- system amd64 3.6.0-1ubuntu6 [78.5 kB] archive. ubuntu. com/ubuntu artful- proposed/ main amd64 libvirt-clients amd64 3.6.0-1ubuntu6 [587 kB] archive. ubuntu. com/ubuntu artful- proposed/ main amd64 libvirt-daemon amd64 3.6.0-1ubuntu6 [2149 kB] archive. ubuntu. com/ubuntu artful- proposed/ main amd64 libvirt0 amd64 3.6.0-1ubuntu6 [1243 kB] daemon- system_ 3.6.0-1ubuntu6_ amd64.deb ... daemon- system (3.6.0-1ubuntu6) over (3.6.0-1ubuntu5) ... clients_ 3.6.0-1ubuntu6_ amd64.deb ... daemon_ 3.6.0-1ubuntu6_ amd64.deb ... 3.6.0-1ubuntu6_ amd64.deb ... daemon- system (3.6.0-1ubuntu6) ... d/abstractions/ libvirt- qemu ... ------- ------- ------- ------- ------- ------- ---
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
numad radvd auditd systemtap nfs-common zfsutils pm-utils
The following packages will be upgraded:
libvirt-clients libvirt-daemon libvirt-
4 upgraded, 0 newly installed, 0 to remove and 29 not upgraded.
Need to get 4058 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://
Get:2 http://
Get:3 http://
Get:4 http://
Fetched 4058 kB in 1s (3440 kB/s)
Preconfiguring packages ...
(Reading database ... 149517 files and directories currently installed.)
Preparing to unpack .../libvirt-
Unpacking libvirt-
Preparing to unpack .../libvirt-
Unpacking libvirt-clients (3.6.0-1ubuntu6) over (3.6.0-1ubuntu5) ...
Preparing to unpack .../libvirt-
Unpacking libvirt-daemon (3.6.0-1ubuntu6) over (3.6.0-1ubuntu5) ...
Preparing to unpack .../libvirt0_
Unpacking libvirt0:amd64 (3.6.0-1ubuntu6) over (3.6.0-1ubuntu5) ...
Processing triggers for ureadahead (0.100.0-20) ...
Setting up libvirt0:amd64 (3.6.0-1ubuntu6) ...
Setting up libvirt-daemon (3.6.0-1ubuntu6) ...
Processing triggers for libc-bin (2.26-0ubuntu2) ...
Processing triggers for systemd (234-2ubuntu12) ...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up libvirt-clients (3.6.0-1ubuntu6) ...
Setting up libvirt-
Installing new version of config file /etc/apparmor.
virtlockd.service is a disabled or a static unit, not starting it.
Setting up libvirt-daemon dnsmasq configuration.
root@ubuntu:~#
root@ubuntu:~#
root@ubuntu:~# virsh list --all
Id Name State
-------
- testguest shut off
root@ubuntu:~# virsh start testguest
Domain testguest started
The rule is correct now:
root@ubuntu:~# grep usb /etc/apparmor. d/libvirt/ libvirt- deadbeef- dead-beef- dead-beefdeadbe ef.files usb/002/ 010" rw,
"/dev/bus/
=> Verified
Note: since you likely came here for having issues with USB passthrough. While working on this I found related issues, please check the following bugs to be sure you not just have to add a config or so:
- bug 1727311
- bug 1727313