Error generating apparmor profile when hostname contains spaces
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libvirt (Ubuntu) |
Fix Released
|
Medium
|
Unassigned |
Bug Description
1 host OS:
lsb_release -rd
Description: Ubuntu 10.10
Release: 10.10
Linux qiaoliyong-
2. Version of package:
~$ virsh --version
0.9.0
~$ kvm --version
QEMU PC emulator version 0.12.5 (qemu-kvm-0.12.5), Copyright (c) 2003-2008 Fabrice Bellard
3 when starting a vm , it appears:
internal error cannot generate AppArmor profile 'libvirt-
Qiao Liyong (qiaoly) wrote : | #1 |
Qiao Liyong (qiaoly) wrote : | #2 |
when create a vm ,it also appears:
'internal error cannot generate AppArmor profile 'libvirt-
Traceback (most recent call last):
File "/usr/local/
callback(
File "/usr/local/
guest.
File "/usr/local/
start_xml, final_xml, is_initial)
File "/usr/local/
dom = self.conn.
File "/usr/lib/
if ret is None:raise libvirtError(
libvirtError: internal error cannot generate AppArmor profile 'libvirt-
Jamie Strandboge (jdstrand) wrote : | #3 |
Thank you for using Ubuntu and reporting a bug. Unfortunately, the version of libvirt you are using is not a supported version and therefore I am marking this bug as Invalid. If you can reproduce this in a supported version of libvirt, please feel free to reopen, giving detailed instructions on how to reproduce the bug.
If you are going to go this route, I recommend removing any unofficial PPAs from your apt sources, then performing:
$ sudo apt-get update
$ sudo apt-get remove --purge libvirt0
$ sudo apt-get install libvirt-bin
(the supported version of libvirt on Ubuntu 10.10 is currently 0.8.3-1ubuntu18). Please note that performing the above will remove existing VM definitions as well as any changes to your libvirt configuration in /etc (which was the intent-- to start with a clean slate).
Changed in libvirt (Ubuntu): | |
status: | New → Invalid |
Mikkel Høgh (mikl) wrote : | #4 |
I have the same issue with libvirt 0.9.8-2ubuntu1 on Precise. It is the version that ships with Precise, so no custom versions here.
Changed in libvirt (Ubuntu): | |
status: | Invalid → Confirmed |
Mikkel Høgh (mikl) wrote : | #5 |
error: Failed to start domain pinova.example.com
error: internal error cannot load AppArmor profile 'libvirt-
Serge Hallyn (serge-hallyn) wrote : | #6 |
@Mikkel,
if you are still having this problem, please run 'apport-collect 799997' to have apport post debug info to this bug.
In the future please file a new bug rather than re-opening an invalid bug as we are more likely to see that.
Changed in libvirt (Ubuntu): | |
status: | Confirmed → Incomplete |
importance: | Undecided → High |
Ursula Junque (ursinha) wrote : | #7 |
I'm running Quantal, just removed/purged libvirt0 and installed that again. I'm still not able to run or create any other virtual machines using virt-manager, as this error message appears.
tags: | added: apport-collected quantal running-unity |
Ursula Junque (ursinha) wrote : apport information | #8 |
ApportVersion: 2.5.2-0ubuntu4
Architecture: amd64
DistroRelease: Ubuntu 12.10
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
KernLog:
Package: libvirt (not installed)
ProcCmdline: BOOT_IMAGE=
ProcVersionSign
Tags: quantal running-unity
Uname: Linux 3.5.0-15-generic x86_64
UpgradeStatus: Upgraded to quantal on 2012-09-08 (11 days ago)
UserGroups: adm admin cdrom dialout libvirtd lp lpadmin plugdev sambashare
Ursula Junque (ursinha) wrote : ProcEnviron.txt | #9 |
Ursula Junque (ursinha) wrote : RelatedPackageVersions.txt | #10 |
Changed in libvirt (Ubuntu): | |
status: | Incomplete → New |
Serge Hallyn (serge-hallyn) wrote : Re: error happen when using virsh to start a vm " internal error cannot generate AppArmor profile" | #11 |
@Ursula,
could you show the result of 'dpkg -l | grep libvirt' ?
Ursula Junque (ursinha) wrote : | #12 |
Hi Serge, sure:
14:59:48 ursula@marvin: ~ $ dpkg -l | grep libvirt
ii libvirt-bin 0.9.13-0ubuntu10 amd64 programs for the libvirt library
ii libvirt0 0.9.13-0ubuntu10 amd64 library for interfacing with different virtualization systems
ii libvirtodbc0 6.1.6+repack-
ii python-libvirt 0.9.13-0ubuntu10 amd64 libvirt Python bindings
Let me know if I can provide any other information.
Serge Hallyn (serge-hallyn) wrote : | #13 |
Thanks, Ursula - that gives me an idea, i will test.
Serge Hallyn (serge-hallyn) wrote : | #14 |
@Ursula,
hm, unable to reproduce this still.
Can you please show the contents of /etc/apparmor.
sudo grep -Hi uuid /etc/libvirt/
Changed in libvirt (Ubuntu): | |
status: | New → Incomplete |
Ursula Junque (ursinha) wrote : | #15 |
Here it is:
16:12:57 ursula@marvin: ~ $ ls -l /etc/apparmor.
total 4
-rw-r--r-- 1 root root 164 Sep 14 13:24 TEMPLATE
16:13:06 ursula@marvin: ~ $ sudo grep -Hi uuid /etc/libvirt/
/etc/libvirt/
Changed in libvirt (Ubuntu): | |
status: | Incomplete → New |
Launchpad Janitor (janitor) wrote : | #16 |
Status changed to 'Confirmed' because the bug affects multiple users.
Changed in libvirt (Ubuntu): | |
status: | New → Confirmed |
Serge Hallyn (serge-hallyn) wrote : Re: [Bug 799997] Re: error happen when using virsh to start a vm " internal error cannot generate AppArmor profile" | #17 |
Quoting Ursula Junque (<email address hidden>):
> Here it is:
>
> 16:12:57 ursula@marvin: ~ $ ls -l /etc/apparmor.
> total 4
> -rw-r--r-- 1 root root 164 Sep 14 13:24 TEMPLATE
>
> 16:13:06 ursula@marvin: ~ $ sudo grep -Hi uuid /etc/libvirt/
> /etc/libvirt/
So that vm won't start because it doesn't have an apparmor profile. I'm
not convinced that the purge of libvirt0 deleted the profile, because I
can't get purge to do that.
Can you now try and create a new (ubuntu server, or whatever) VM with
virt-manager, and show (a) the exact error output and (b) the output
of the same questions as above while the error message is up?
thanks!
Ursula Junque (ursinha) wrote : Re: error happen when using virsh to start a vm " internal error cannot generate AppArmor profile" | #18 |
Hi Serge,
I tried to create a new Windows VM yesterday and today, and the error is the same, BUT when trying to create an Ubuntu VM, it worked!
Unable to complete install: 'internal error cannot load AppArmor profile 'libvirt-
Traceback (most recent call last):
File "/usr/share/
callback(
File "/usr/share/
guest.
File "/usr/lib/
noboot)
File "/usr/lib/
dom = self.conn.
File "/usr/lib/
if ret is None:raise libvirtError(
libvirtError: internal error cannot load AppArmor profile 'libvirt-
What's the issue then? Should the package, when purged, have deleted that file?
Serge Hallyn (serge-hallyn) wrote : | #19 |
Ursula,
After trying to create the new windows vm, can you please show the contents of /etc/apparmor.
sudo grep -Hi uuid /etc/libvirt/
Serge Hallyn (serge-hallyn) wrote : | #20 |
The package should not have deleted that file, and neither precise nor quantal have libvirt-bin.postrm doing that, which is why I worry something else may be going on.
Serge Hallyn (serge-hallyn) wrote : | #21 |
(marking incomplete awaiting answer to comment #19)
Changed in libvirt (Ubuntu): | |
status: | Confirmed → Incomplete |
Ursula Junque (ursinha) wrote : | #22 |
Hi Serge, sorry about the delay. I managed to create another windows virtual machine successfully, after removing the old disk image and creating another one (the removal was accidental, oops :/). So this is what's left:
19:01:47 ursula@marvin: ~ $ ls -l /etc/apparmor.
total 12
-rw-r--r-- 1 root root 265 Sep 21 14:40 libvirt-
-rw-r--r-- 1 root root 572 Sep 21 14:40 libvirt-
-rw-r--r-- 1 root root 164 Sep 14 13:24 TEMPLATE
18:59:50 ursula@marvin: ~ $ sudo grep -Hi uuid /etc/libvirt/
/etc/libvirt/
/etc/libvirt/
Please, let me know if I can do anything else to help.
Changed in libvirt (Ubuntu): | |
status: | Incomplete → Confirmed |
Serge Hallyn (serge-hallyn) wrote : Re: [Bug 799997] Re: error happen when using virsh to start a vm " internal error cannot generate AppArmor profile" | #23 |
Quoting Ursula Junque (<email address hidden>):
> Hi Serge, sorry about the delay. I managed to create another windows
> virtual machine successfully, after removing the old disk image and
By this do you mean that the windows VM actually runs fine? Or does
it fail to start the same way as the other?
> creating another one (the removal was accidental, oops :/). So this is
> what's left:
>
> 19:01:47 ursula@marvin: ~ $ ls -l /etc/apparmor.
> total 12
> -rw-r--r-- 1 root root 265 Sep 21 14:40 libvirt-
> -rw-r--r-- 1 root root 572 Sep 21 14:40 libvirt-
Odd, this uuid doesn't match the uuids in the .xml files.
> -rw-r--r-- 1 root root 164 Sep 14 13:24 TEMPLATE
>
>
> 18:59:50 ursula@marvin: ~ $ sudo grep -Hi uuid /etc/libvirt/
> /etc/libvirt/
> /etc/libvirt/
>
> Please, let me know if I can do anything else to help.
Are the virt-manager client and the libvirt server running the same
release?
Ursula Junque (ursinha) wrote : Re: error happen when using virsh to start a vm " internal error cannot generate AppArmor profile" | #24 |
> By this do you mean that the windows VM actually runs fine? Or does
> it fail to start the same way as the other?
Yes, sorry, I mean it now runs fine, I got no more of that error after deleting the image and creating it again.
> Are the virt-manager client and the libvirt server running the same
> release?
I'm not sure if I got the question, I can say I installed the packages from Ubuntu repository and just upgraded the machine to quantal.
Ryan Lovett (ryan-spacecoaster) wrote : | #25 |
This is happening to me on precise. I try to create a virtual machine in virt-manager, customize the configuration, click Begin Installation, then the error pops up:
Unable to complete install: 'internal error cannot load AppArmor profile 'libvirt-
where that uuid is not in /etc/apparmor.
Unable to complete install: 'internal error cannot load AppArmor profile 'libvirt-
Traceback (most recent call last):
File "/usr/share/
callback(
File "/usr/share/
guest.
File "/usr/lib/
noboot)
File "/usr/lib/
dom = self.conn.
File "/usr/lib/
if ret is None:raise libvirtError(
libvirtError: internal error cannot load AppArmor profile 'libvirt-
Ryan Lovett (ryan-spacecoaster) wrote : | #26 |
I had to run "adduser libvirt-qemu libvirtd" to get past this.
Serge Hallyn (serge-hallyn) wrote : | #27 |
@Ryan,
thanks for the info. The adduser libvirt-qemu libvirtd should however be spurious. libvirt-qemu is never plced in group libvirtd, /etc/apparmor.
Has anyone had this happen without using virt-manager?
Michael Cook (michaelcook-mjc) wrote : | #28 |
FWIW I ran into this error when I changed a KVM guest name from "kvm-4.0" to "kvm-4.0 (new)" in the xml file and performed a virsh define. The naming convention is enforced in Virt Manager (no brackets or special symbols). There seems to be no checking on virsh define from the cmd line. There seems to be some dependency (at least with apparmour) on name format.
I returned the name of the machine back to the original "kvm-4.0" and it runs fine. I then tried another name "kvm-4.0 test". This failed. I think tried "kvm-4.0.1" this worked. I dont have time to try out more variations on machine name but it may help this investigation. (I did not look for or change apparmour profiles, I did try removing and re-adding disk images but this made no difference. I also created a new machine via the Virt Manager UI and this made no difference.).
xuanmingyi (xuanmingyi) wrote : | #29 |
I also met the error.
I think it may the program have no access to create a file in /etc/apparmor.
I try to `aa-complain libvirtd` ,but it didn't work.
I think if you install a lxc ,then install the libvirt.You may met the error again.
Help!
Dale Amon (amon) wrote : | #30 |
I have the same issue. I brought up a machine with a de novo install of Quantal server amd64.
I transferred a VM from the old server that is out of service by moving the disk containing. Made the one edit
change to the xml of the VM so that path to its main disk was correct in the new environment.
virsh define xml/hostname.xml
and I got the same problems as discussed. I thought perhaps apparmor did not like my /lib4/vmpool1, which is where
the images reside, so I added to /etc/apparmor.
/lib4/vmpool1/ r,
/lib4/vmpool1/** r,
but that did nothing either. Something is very wrong. This should have just *worked*, first try, no fiddling.
Dale Amon (amon) wrote : | #31 |
Note: This is time critical. If I cannot find a solution within the next couple days, I will have to either rip apparmor out by the roots or switch to Debian... a week from now I will be 8000 miles from this machine, so by definition it will be operating properly before then...
Jamie Strandboge (jdstrand) wrote : | #32 |
Due to the way libvirt handles logging, this error message could be many things and is unfortunately quite generic. For people having this problem, can you post your domain xml for the affected VM and any apparmor denials from /var/log/kern.log?
As a workaround, people don't need to 'rip out apparmor', they can simply disable the apparmor profile for libvirtd (note that apparmor is protecting a lot of different things on a typical system, so it is best to disable just the profile that is having the problem). Eg:
$ sudo aa-disable /etc/apparmor.
Then stop and start libvirtd.
Dale Amon (amon) wrote : | #33 |
# virsh dumpxml myhost..org
<domain type='qemu'>
<name>
<uuid>
<memory unit='KiB'
<currentMemory unit='KiB'
<vcpu placement=
<os>
<type arch='i686' machine=
<boot dev='hd'/>
</os>
<features>
<acpi/>
<apic/>
<pae/>
</features>
<clock offset='utc'/>
<on_poweroff>
<on_reboot>
<on_crash>
<devices>
<emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='raw'/>
<source file='/
<target dev='hda' bus='ide'/>
<address type='drive' controller='0' bus='0' target='0' unit='0'/>
</disk>
<controller type='ide' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
</controller>
<controller type='usb' index='0'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
</controller>
<interface type='bridge'>
<mac address=
<source bridge='br0'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
<serial type='pty'>
<target port='0'/>
</serial>
<console type='pty'>
<target type='serial' port='0'/>
</console>
<input type='mouse' bus='ps2'/>
<graphics type='vnc' port='-1' autoport='yes'/>
<video>
<model type='cirrus' vram='9216' heads='1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<memballoon model='virtio'>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
</memballoon>
</devices>
</domain>
# grep virt /var/log/kern.log
Dec 29 13:29:28 library kernel: [ 0.000000] Booting paravirtualized kernel on bare hardware
Dec 29 13:29:28 library kernel: [ 8.053331] type=1400 audit(135678776
Dec 29 13:29:28 library kernel: [ 8.060934] type=1400 audit(135678776
Dec 29 13:31:43 library kernel: [ 0.000000] Booting paravirtualized kernel on bare hardware
Dec 29 13:31:43 library kernel: [ 10.447494] type=1400 audit(135678790
Dec 29 13:35:02 library kernel: [ 0.000000] Booting paravirtualized kernel on bare hardware
Dec 29 13:35:02 library kernel: [ 7.631940] type=1400 audit(135678810
Dec 29 13:35:02 library kernel: [ 7.632210] type=1400 audit(135678810
# virsh start mourne.
e...
Jamie Strandboge (jdstrand) wrote : | #34 |
A typical (though unfortunately undocumented (we should really add this to the wiki somewhere)) is to do something like (see /usr/lib/
If profile does not exist:
export VM=foo ; virsh dumpxml $VM | sudo /usr/lib/
If profile already does exist:
export VM=foo ; virsh dumpxml $VM | sudo /usr/lib/
So, I saved your xml to /tmp/xml, then did:
cat /tmp/xml | sudo /usr/lib/
virt-aa-helper: warning: path does not exist, skipping file type checks
virt-aa-helper: error: /lib4/vmpool1/
virt-aa-helper: error: skipped restricted file
virt-aa-helper: error: invalid VM definition
What is happening is that virt-aa-helper does some safety checks and notices that the disk (a writable file) is in the non-standard directory that starts with /lib, so it skips the file. Because this file is the disk, it fails with 'invalid VM definition'. The bad news is that the restricted file checks are hardcoded in the source code for virt-aa-helper. The good news is that if you move it somewhere else (eg, /srv/vmpool1/
$ cat /tmp/xml | sudo /usr/lib/
virt-aa-helper: warning: path does not exist, skipping file type checks
2012-12-29 19:30:27.679+0000: 10245: info : libvirt version: 0.9.13
2012-12-29 19:30:27.679+0000: 10245: warning : virDomainDiskDe
$ sudo aa-status | grep libvirt-
libvirt-
Dale Amon (amon) wrote : | #35 |
Oh my. I would call that a bug. True, I can do a workaround to cover my immediate emergency, I will probably have to change my disk structure since the root disk is intentionally pretty small... but what if I were running hundreds or thousands of VM's? And even worse, on another system (which is fortunately Debian), different groups of users have their own private disks with multiple VM's on each,
I really think this needs to be fixed.
Dale Amon (amon) wrote : | #36 |
I would worry that my small complaints are the least of your worries. If someone with a very large farm of VM's happens to update to this version... you could be hearing from someone with thousands of screaming customers. It would not be surprising to me if someone with large systems had their own internal standards for where their VM pools go. It is not necessarily the case that everyone is going to choose /srv.
Dale Amon (amon) wrote : | #37 |
Okay, I used the suggested hack and changed my mount point from lib4 to srv. I have my VM up so I am sorted. But I only have a handful. I would hate to be in shoes of the person responsible for this change if someone is so foolish as to upgrade a critical system without lab testing the upgrade first. So if I were you, I would worry about that guy...
Jamie Strandboge (jdstrand) wrote : | #38 |
virt-aa-helper has done this for as long as I can remember. /lib4 is not an FHS compliant location to store volatile data like VMs, which is what virt-aa-helper is trying to enforce (ie, if someone is trying to also restrict libvirtd itself, then virt-aa-helper has to be careful to not allow someone with libvirtd qemu:///system access to various files which could be used to escalate privileges.
Jürgen (j-w-ott) wrote : | #39 |
I have removed spaces from hostname that did the trick with 13.04
Serge Hallyn (serge-hallyn) wrote : | #40 |
has anyone reproduced the original bug (/etc/apparmor.
Changed in libvirt (Ubuntu): | |
status: | Confirmed → Incomplete |
David McNeill (davemc) wrote : | #41 |
Yep, I've struck the original bug.
Create a basic qemu VM, which runs fine....
qemu-img create -f qcow2 /VMs/p2.img 4G
Feed it some CD ROM to install
qemu -cdrom /VMs/Downloads/
Then start it normally without a cd
qemu -m 512 -boot d /VMs/p2.img
Put the args above in a file and create a domain xml file from arguments....
virsh domxml-from-native qemu-argv p2.args > p2.xml
(d-f-n creates valid xml, but are all the parameters correct?)
Suck the xml in
virsh define p2.xml
Start the vm
Get the original error above.
virsh # version
Compiled against library: libvirt 1.0.2
Using library: libvirt 1.0.2
Using API: QEMU 1.0.2
Running hypervisor: QEMU 1.4.0
Serge Hallyn (serge-hallyn) wrote : Re: [Bug 799997] Re: error happen when using virsh to start a vm " internal error cannot generate AppArmor profile" | #42 |
I see three things happening when I reproduce this.
First, to do this with domxml-from-native you need to give a more
complete command. (Whether or not this is a bug in virsh depends on
whether qemu is still *supposed* to support giving the drive disk as
a standalone argument.)
Second, your command did not provide full pathnames for kvm or for
drives. virsh domxml-to-native doesn't expand those for you.
Third, even when fixing those up in the xml file, then doing
virsh define z.xml
virsh dumpxml unnamed > z2.xml
/usr/
I get
virt-aa-helper: error: invalid UUID
(This also happens if I add '-u <uuid-from-xml>' to the command)
status: confirmed
Changed in libvirt (Ubuntu): | |
status: | Incomplete → Confirmed |
Vincent Gerris (vgerris) wrote : Re: error happen when using virsh to start a vm " internal error cannot generate AppArmor profile" | #43 |
Same issue here. Removing space fixes the AppArmour message.
Vincent Gerris (vgerris) wrote : | #44 |
That is on Ubuntu 14.04 with recent updates by the way:
virsh --version
1.2.2
3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:28:38 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
summary: |
- error happen when using virsh to start a vm " internal error cannot - generate AppArmor profile" + Error generating apparmor profile when hostname contains spaces |
Changed in libvirt (Ubuntu): | |
importance: | High → Medium |
Serge Hallyn (serge-hallyn) wrote : | #45 |
I've seen other problems with spaces in vm names.
We could convert spaces to '-' in apparmor profiles, but I'm tempted to say let's just refuse to allow spaces in vm names.
What do people think?
Serge Hallyn (serge-hallyn) wrote : | #46 |
Note that for lxd we've specifically disallowed anything that can cause problems with some dns servers (no '.', no ' '. no leading '-')
Serge Hallyn (serge-hallyn) wrote : | #47 |
@jdstrand
virt-aa-helper.c explicitly refuses to allow a space in the vm name
(in valid_name()). Is there any way that would be relaxed, or is that
deemed to dangerous/
If it can't be relaxed, then we should bail earlier / with a clearer
message in libvirt.
Jamie Strandboge (jdstrand) wrote : | #48 |
The reason why it didn't allow it is because libvirt didn't handle spaces in the names well at the time. If libvirt handles it ok, then it would be ok to allow it in virt-aa-helper.c since libvirt quotes all its file rule paths in the .files (except I just noticed /dev/vhost-net-- it should probably be fixed to do that). You would definitely want to thoroughly test this because, as mentioned, libvirt itself had issues with this in the past.
Serge Hallyn (serge-hallyn) wrote : Re: [Bug 799997] Re: Error generating apparmor profile when hostname contains spaces | #49 |
Well, while that may long-term be a good thing to look into, since
effectively noone could have been using vms with spaces in the names
successfully until now anyway, perhaps patching our libvirt to bail
out earlier on spaces in vm names would be the better+safer approach.
James Thomas Moon (jtm-moon-forum-user+launchpad) wrote : | #50 |
Still occurs on Ubuntu 14.04 using libvirt 1.2.2 .
Here are my reproduction steps.
Try with " " in <name>:
$ tar -xvf my-vm.tar.gz
my-vm/
my-
my-vm/my-vm.xml
$ cd my-vm/
# <name> has space
$ grep -Fe '<name>' -- my-vm.xml
<name>My VM</name>
$ sudo virsh define my-vm.xml
Domain My VM defined from my-vm.xml
# BUG: fails to start
$ sudo virsh start "My VM"
error: Failed to start domain My VM
error: internal error: cannot load AppArmor profile 'libvirt-
Remove bad KVM:
$ sudo virsh undefine "My VM"
Domain My VM has been undefined
Try again without " ", use "-":
$ vim my-vm.xml
# <name> without spaces
$ grep -Fe '<name>' -- my-vm.xml
<
$ sudo virsh define my-vm.xml
Domain My-VM defined from my-vm.xml
# starts
$ sudo virsh start "My-VM"
Using software versions
$ sudo dpkg -l | grep libvirt
ii libvirt-bin 1.2.2-0ubuntu13
ii libvirt0 1.2.2-0ubuntu13
ii python-libvirt 1.2.2-0ubuntu2 amd64 libvirt Python bindings
$ sudo uname -a
Linux localhost 3.13.0-77-generic #121-Ubuntu SMP Wed Jan 20 10:50:42 UTC 2016 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release -a
Description: Ubuntu 14.04.3 LTS
Serge Hallyn (serge-hallyn) wrote : | #51 |
@jdstrand
indeed dropping space from the list in valid_name seems to fix it and work. i can virsh define/
This will have to wait until 16.10 opens so there's no real hurry...
tags: | added: server-next |
tags: | added: virt-aa-helper |
tags: | removed: server-next |
Christian Ehrhardt (paelzer) wrote : | #52 |
Did some experiments and dropping the space from the bad chars makes it work for me as well.
Added a change for that and also enqueued the addition of quotes to the static rules.
I still expect issues with spaces down the road in some parts of libvirt, but if spaces are going to be forbidden it is not virt-aa-helper to do so - instead it would be a per HVM type check and/or the xml schema.
I will submit all that upstream together with some other virt-aa-helper changes I work on in a few days.
Christian Ehrhardt (paelzer) wrote : | #53 |
Related changes upstream now, will be picked no next merge.
Likely consider picking in advance as soon as BB opens up.
Christian Ehrhardt (paelzer) wrote : | #54 |
Actually this one has to wait for BB, not SRU worthy (especially after all the time hard to argument), but hey it will be resolved on the next merge for sure being upstream now.
tags: | added: libvirt-18.04 |
Launchpad Janitor (janitor) wrote : | #55 |
This bug was fixed in the package libvirt - 4.0.0-1ubuntu1
---------------
libvirt (4.0.0-1ubuntu1) bionic; urgency=medium
* Merged with Debian unstable (4.0)
This closes several bugs:
- Error generating apparmor profile when hostname contains spaces
(LP: #799997)
- qemu 2.10 locks files, libvirt shared now sets share-rw=on (LP: #1716028)
- libvirt usb passthrough throws apparmor denials related to
/
- AppArmor denies access to /sys/block/
- iohelper improvements to let bypass-cache work without opening up the
apparmor isolation (LP: #1719579)
- nodeinfo on s390x to contain more CPU info (LP: #1733688)
- Upgrade libvirt >= 4.0 (LP: #1745934)
* Remaining changes:
- Disable libssh2 support (universe dependency)
- Disable firewalld support (universe dependency)
- Disable selinux
- Set qemu-group to kvm (for compat with older ubuntu)
- Additional apport package-hook
- Modifications to adapt for our delayed switch away from libvirt-bin (can
be dropped >18.04).
+ d/p/ubuntu/
to old service name so that old references work
+ d/p/ubuntu/
to old service name so that old references work
+ d/control: transitional package with the old name and maintainer
scripts to handle the transition
- Backwards compatible handling of group rename (can be dropped >18.04).
- config details and autostart of default bridged network. Creating that is
now the default in general, yet our solution provides the following on
top as of today:
+ autostart the default network by default
+ do not autostart if subnet is already taken (e.g. in guests).
- d/p/ubuntu/
the group based access to libvirt functions as it was used in Ubuntu
for quite long.
+ d/p/ubuntu/
due to the group access change.
- ubuntu/
- d/p/ubuntu/
which provided a separate kvm-spice.
- d/p/ubuntu/
section that adapts the path of the emulator to the Debian/Ubuntu
packaging is kept.
- d/p/ubuntu/
set VRAM to minimum requirements
- d/p/ubuntu/
- Add libxl log directory
- libvirt-uri.sh: Automatically switch default libvirt URI for users on
Xen dom0 via user profile (was missing on changelogs before)
- d/p/ubuntu/
included_
- Update README.Debian with Ubuntu changes
- Convert libvirt0, libnss_libvirt and libvirt-dev to multi-arch.
- Enable some additional features on ppc...
Changed in libvirt (Ubuntu): | |
status: | Confirmed → Fix Released |
Error starting domain: internal error cannot generate AppArmor profile 'libvirt- abe9380c- eab7-fe6f- 1b49-21a511bdd1 29'
Traceback (most recent call last): share/virt- manager/ virtManager/ asyncjob. py", line 45, in cb_wrapper asyncjob, *args, **kwargs) share/virt- manager/ virtManager/ engine. py", line 959, in asyncfunc share/virt- manager/ virtManager/ domain. py", line 1114, in startup _backend. create( ) python2. 6/dist- packages/ libvirt. py", line 362, in create abe9380c- eab7-fe6f- 1b49-21a511bdd1 29'
File "/usr/local/
callback(
File "/usr/local/
vm.startup()
File "/usr/local/
self.
File "/usr/lib/
if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self)
libvirtError: internal error cannot generate AppArmor profile 'libvirt-