Ubuntu
libvirt package

  1. Xenial (16.04)
  2. Bug #1686324
  3. Comment #10

Comment 10 for bug 1686324

Revision history for this message
Christian Ehrhardt  (paelzer) wrote :

Use a guest XML that already combines the USB Hostdev in it.

# cat testguest.xml
<domain type='kvm'>
    <name>testguest</name>
    <uuid>deadbeef-dead-beef-dead-beefdeadbeef</uuid>
    <memory unit='KiB'>1024</memory>
    <vcpu placement='static'>1</vcpu>
    <os>
        <type arch='x86_64' machine='pc-i440fx-zesty'>hvm</type>
        <boot dev='hd'/>
    </os>
    <features>
        <acpi/>
        <apic/>
        <pae/>
    </features>
    <devices>
        <emulator>/usr/bin/kvm-spice</emulator>
        <disk type='file' device='disk'>
            <driver name='qemu'/>
            <source file='/var/lib/libvirt/images/A.img'/>
            <target dev='vda'/>
        </disk>
    <hostdev mode='subsystem' type='usb' managed='yes'>
        <source>
            <vendor id='0x046d'/>
            <product id='0x0825'/>
        </source>
    </hostdev>
    </devices>
    <seclabel type='dynamic' model='apparmor' relabel='yes'/>
</domain>

root@ubuntu:~# virsh define testguest.xml
Domain testguest defined from testguest.xml

root@ubuntu:~# virsh start testguest
error: Failed to start domain testguest
error: internal error: process exited while connecting to monitor: warning: host doesn't support requested feature: CPUID.80000001H:ECX.svm [bit 2]
2017-10-25T10:31:34.412297Z qemu-system-x86_64: -device usb-host,hostbus=2,hostaddr=10,id=hostdev0,bus=usb.0,port=1: failed to find host usb device 2:10

Along that there are Apparmor denials:
[ 2260.676741] audit: type=1400 audit(1508927494.409:129): apparmor="DENIED" operation="open" profile="libvirt-deadbeef-dead-beef-dead-beefdeadbeef" name="/run/udev/data/c189:133" pid=9571 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
[ 2260.677046] audit: type=1400 audit(1508927494.409:132): apparmor="DENIED" operation="open" profile="libvirt-deadbeef-dead-beef-dead-beefdeadbeef" name="/run/udev/data/c189:256" pid=9571 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
[ 2260.677424] audit: type=1400 audit(1508927494.410:135): apparmor="DENIED" operation="open" profile="libvirt-deadbeef-dead-beef-dead-beefdeadbeef" name="/run/udev/data/c189:129" pid=9571 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
[ 2260.677733] audit: type=1400 audit(1508927494.410:137): apparmor="DENIED" operation="open" profile="libvirt-deadbeef-dead-beef-dead-beefdeadbeef" name="/run/udev/data/c189:0" pid=9571 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0

The failed Profile for the guest has the wrong rule:
root@ubuntu:~# grep usb /etc/apparmor.d/libvirt/libvirt-deadbeef-dead-beef-dead-beefdeadbeef.files
  "/dev/bus/usb/000/000" rw,

# After upgrading to proposed no more errors while doing that.

root@ubuntu:~# apt install libvirt-daemon-system=3.6.0-1ubuntu6 libvirt-clients=3.6.0-1ubuntu6 libvirt-daemon=3.6.0-1ubuntu6 libvirt0=3.6.0-1ubuntu6
Reading package lists... Done
Building dependency tree
Reading state information... Done
Suggested packages:
  numad radvd auditd systemtap nfs-common zfsutils pm-utils
The following packages will be upgraded:
  libvirt-clients libvirt-daemon libvirt-daemon-system libvirt0
4 upgraded, 0 newly installed, 0 to remove and 29 not upgraded.
Need to get 4058 kB of archives.
After this operation, 0 B of additional disk space will be used.
Get:1 http://archive.ubuntu.com/ubuntu artful-proposed/main amd64 libvirt-daemon-system amd64 3.6.0-1ubuntu6 [78.5 kB]
Get:2 http://archive.ubuntu.com/ubuntu artful-proposed/main amd64 libvirt-clients amd64 3.6.0-1ubuntu6 [587 kB]
Get:3 http://archive.ubuntu.com/ubuntu artful-proposed/main amd64 libvirt-daemon amd64 3.6.0-1ubuntu6 [2149 kB]
Get:4 http://archive.ubuntu.com/ubuntu artful-proposed/main amd64 libvirt0 amd64 3.6.0-1ubuntu6 [1243 kB]
Fetched 4058 kB in 1s (3440 kB/s)
Preconfiguring packages ...
(Reading database ... 149517 files and directories currently installed.)
Preparing to unpack .../libvirt-daemon-system_3.6.0-1ubuntu6_amd64.deb ...
Unpacking libvirt-daemon-system (3.6.0-1ubuntu6) over (3.6.0-1ubuntu5) ...
Preparing to unpack .../libvirt-clients_3.6.0-1ubuntu6_amd64.deb ...
Unpacking libvirt-clients (3.6.0-1ubuntu6) over (3.6.0-1ubuntu5) ...
Preparing to unpack .../libvirt-daemon_3.6.0-1ubuntu6_amd64.deb ...
Unpacking libvirt-daemon (3.6.0-1ubuntu6) over (3.6.0-1ubuntu5) ...
Preparing to unpack .../libvirt0_3.6.0-1ubuntu6_amd64.deb ...
Unpacking libvirt0:amd64 (3.6.0-1ubuntu6) over (3.6.0-1ubuntu5) ...
Processing triggers for ureadahead (0.100.0-20) ...
Setting up libvirt0:amd64 (3.6.0-1ubuntu6) ...
Setting up libvirt-daemon (3.6.0-1ubuntu6) ...
Processing triggers for libc-bin (2.26-0ubuntu2) ...
Processing triggers for systemd (234-2ubuntu12) ...
Processing triggers for man-db (2.7.6.1-2) ...
Setting up libvirt-clients (3.6.0-1ubuntu6) ...
Setting up libvirt-daemon-system (3.6.0-1ubuntu6) ...
Installing new version of config file /etc/apparmor.d/abstractions/libvirt-qemu ...
virtlockd.service is a disabled or a static unit, not starting it.
Setting up libvirt-daemon dnsmasq configuration.
root@ubuntu:~#
root@ubuntu:~#
root@ubuntu:~# virsh list --all
 Id Name State
----------------------------------------------------
 - testguest shut off

root@ubuntu:~# virsh start testguest
Domain testguest started

The rule is correct now:

root@ubuntu:~# grep usb /etc/apparmor.d/libvirt/libvirt-deadbeef-dead-beef-dead-beefdeadbeef.files
"/dev/bus/usb/002/010" rw,

=> Verified

Note: since you likely came here for having issues with USB passthrough. While working on this I found related issues, please check the following bugs to be sure you not just have to add a config or so:
- bug 1727311
- bug 1727313