Channel: Ubuntu Forums - Virtualisation

18.04 apparmor blocking vm creation with libvirt/qemu

So I've got an mdadm array mounted at /data/vms where I want my images to live. I keep getting
Code:

Unable to complete install: 'internal error: process exited while connecting to monitor: 000: Domain id=3 is tainted: high-privileges
2018-05-01T16:39:49.776716Z qemu-system-x86_64: -drive file=/data/vms/mx-root.qcow2,format=qcow2,if=none,id=drive-virtio-disk0: Could not open backing file: Could not open '/data/vms': Permission denied'

I've tried adding
Code:

  /data/vms/* r,
  /data/vms/** rw,

to both /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper and /etc/apparmor/usr.sbin.libvirtd. I've even tried setting the user and group to root in /etc/libvirt/qemu.conf and connecting as root with virt manager just to troubleshoot this.

I'm still seeing the above error and this in syslog.
Code:

May  1 09:39:49 hal kernel: [ 2777.174380] audit: type=1400 audit(1525192789.771:46): apparmor="DENIED" operation="open" profile="libvirt-9689f320-a915-4ab3-9d24-9db63947920a" name="/data/vms/" pid=2839 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

This happens even after loading those apparmor profiles or rebooting. This is a new VM, so there's no apparmor file matching that UUID, yet.

The weird thing is, the initial qcow image files create fine in the storage manager, but I just can't use them when spinning up a VM.
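
Added example, not part of the original post: a small parser for the AppArmor denial record quoted above, which extracts the confining profile, the denied path and the denied mask. The function names are hypothetical; the hex decoding of unquoted values follows the kernel audit convention, and treating a trailing slash as "directory" follows AppArmor's path convention.

```python
import re

# Denial record copied from the syslog excerpt in the post above.
SAMPLE = ('May  1 09:39:49 hal kernel: [ 2777.174380] audit: type=1400 '
          'audit(1525192789.771:46): apparmor="DENIED" operation="open" '
          'profile="libvirt-9689f320-a915-4ab3-9d24-9db63947920a" '
          'name="/data/vms/" pid=2839 comm="qemu-system-x86" '
          'requested_mask="r" denied_mask="r" fsuid=0 ouid=0')

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Per-domain profile name as it appears in the record: libvirt-<domain UUID>.
DOMAIN_PROFILE = re.compile(
    r'^libvirt-([0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12})$')
HEX_KEYS = {'name', 'profile', 'comm'}  # string fields audit may hex-encode


def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    fields = {}
    for key, raw in FIELD.findall(line):
        if raw.startswith('"'):
            fields[key] = raw[1:-1]
        elif key in HEX_KEYS and re.fullmatch(r'(?:[0-9A-Fa-f]{2})+', raw):
            # Unquoted string: audit hex-encodes values with spaces or quotes.
            fields[key] = bytes.fromhex(raw).decode('utf-8', 'replace')
        else:
            fields[key] = raw
    return fields if fields.get('apparmor') == 'DENIED' else None


def summarize(line):
    """Reduce a denial to the facts needed to decide which profile to inspect."""
    f = parse_denial(line)
    if f is None:
        return None
    m = DOMAIN_PROFILE.match(f.get('profile', ''))
    path = f.get('name', '')
    return {
        'profile': f.get('profile'),
        'domain_uuid': m.group(1) if m else None,  # set for per-VM profiles
        'path': path,
        'is_directory': path.endswith('/'),        # AppArmor marks dirs with '/'
        'operation': f.get('operation'),
        'denied_mask': f.get('denied_mask'),
        'comm': f.get('comm'),
    }


if __name__ == '__main__':
    for k, v in summarize(SAMPLE).items():
        print(f'{k:13} {v}')
```

For the record in the post, the summary names the per-domain profile `libvirt-9689f320-a915-4ab3-9d24-9db63947920a` as the one issuing the denial, and the directory `/data/vms/` (not an image file) as the denied object.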
