I also did a full upgrade on my xen host and tried xen with virt-manager without the former symlink workaround in place.
The new qemu-system-x86-xen slots into place nicely:.
ubuntu@ubuntu:~$ virsh capabilities | grep emu <emulator>/usr/lib/xen-4.11/bin/qemu-system-i386</emulator> <emulator>/usr/lib/xen-4.11/bin/qemu-system-i386</emulator> <emulator>/usr/lib/xen-4.11/bin/qemu-system-i386</emulator> <emulator>/usr/lib/xen-4.11/bin/qemu-system-i386</emulator> <emulator>/usr/lib/xen-4.11/bin/qemu-system-i386</emulator> <emulator>/usr/lib/xen-4.11/bin/qemu-system-i386</emulator> ubuntu@ubuntu:~$ ll /usr/lib/xen-4.11/bin/qemu-system-i386 -rwxr-xr-x 1 root root 15355976 Aug 3 05:15 /usr/lib/xen-4.11/bin/qemu-system-i386*
But - then all of the apparmor isolation will fall apart. As it will not allow this path to be executed.
Aug 04 06:31:13 ubuntu audit[115176]: AVC apparmor="DENIED" operation="exec" profile="libvirtd" name="/usr/lib/xen-4.11/bin/qemu-system-i386" pid=115176 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 Aug 04 06:31:13 ubuntu kernel: audit: type=1400 audit(1596522673.656:146): apparmor="DENIED" operation="exec" profile="libvirtd" name="/usr/lib/xen-4.11/bin/qemu-system-i386" pid=115176 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 Aug 04 06:31:13 ubuntu libvirtd[85510]: internal error: Child process (/usr/lib/xen-4.11/bin/qemu-system-i386 -help) unexpected exit status 126: libvirt: error : cannot execute binary /usr/lib/xen-4.11/bin/qemu-system-i386: Permission denied
So we want to keep things much more than they already are - but with a symlink in place (as my manual workaround was).
« Back to merge proposal
I also did a full upgrade on my xen host and tried xen with virt-manager without the former symlink workaround in place.
The new qemu-system-x86-xen slots into place nicely:.
ubuntu@ubuntu:~$ virsh capabilities | grep emu emulator> /usr/lib/ xen-4.11/ bin/qemu- system- i386</emulator> emulator> /usr/lib/ xen-4.11/ bin/qemu- system- i386</emulator> emulator> /usr/lib/ xen-4.11/ bin/qemu- system- i386</emulator> emulator> /usr/lib/ xen-4.11/ bin/qemu- system- i386</emulator> emulator> /usr/lib/ xen-4.11/ bin/qemu- system- i386</emulator> emulator> /usr/lib/ xen-4.11/ bin/qemu- system- i386</emulator> xen-4.11/ bin/qemu- system- i386 xen-4.11/ bin/qemu- system- i386*
<
<
<
<
<
<
ubuntu@ubuntu:~$ ll /usr/lib/
-rwxr-xr-x 1 root root 15355976 Aug 3 05:15 /usr/lib/
But - then all of the apparmor isolation will fall apart.
As it will not allow this path to be executed.
Aug 04 06:31:13 ubuntu audit[115176]: AVC apparmor="DENIED" operation="exec" profile="libvirtd" name="/ usr/lib/ xen-4.11/ bin/qemu- system- i386" pid=115176 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 3.656:146) : apparmor="DENIED" operation="exec" profile="libvirtd" name="/ usr/lib/ xen-4.11/ bin/qemu- system- i386" pid=115176 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0 xen-4.11/ bin/qemu- system- i386 -help) unexpected exit status 126: libvirt: error : cannot execute binary /usr/lib/ xen-4.11/ bin/qemu- system- i386: Permission denied
Aug 04 06:31:13 ubuntu kernel: audit: type=1400 audit(159652267
Aug 04 06:31:13 ubuntu libvirtd[85510]: internal error: Child process (/usr/lib/
So we want to keep things much more than they already are - but with a symlink in place (as my manual workaround was).