Confirmed this fixes the issue:

Current version shows the following apparmor errors when spinning up a
virtual machine with '-device sga', and the console log does not contain
any early boot stuff:

adam@trusty:~$ dpkg -l | grep libvirt
ii  libvirt-bin                         1.2.2-0ubuntu13.1.8                   amd64        programs for the libvirt library
ii  libvirt0                            1.2.2-0ubuntu13.1.8                   amd64        library for interfacing with different virtualization systems
ii  python-libvirt                      1.2.2-0ubuntu2                        amd64        libvirt Python bindings
adam@trusty:~$ 
adam@trusty:~$ ps aux | grep libvirt | grep sga
libvirt+ 13477 61.8  6.8 1234328 559852 ?      Sl   18:30   0:24 /usr/bin/qemu-system-x86_64 -name baremetalbrbm_0 -S -machine pc-1.0,accel=tcg,usb=off -m 512 -realtime mlock=off -smp 1,sockets=1,cores=1,threads=1 -uuid 6a8f6fb0-afc7-4474-8cc8-63b529068a95 -no-user-config -nodefaults -device sga -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/baremetalbrbm_0.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -boot menu=off,strict=on -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -drive file=/var/lib/libvirt/images/baremetalbrbm_0.qcow2,if=none,id=drive-virtio-disk0,format=qcow2,cache=writeback -device virtio-blk-pci,scsi=off,bus=pci.0,addr=0x6,drive=drive-virtio-disk0,id=virtio-disk0 -netdev tap,fd=24,id=hostnet0 -device e1000,netdev=hostnet0,id=net0,mac=52:54:00:ad:8f:fb,bus=pci.0,addr=0x4,bootindex=1 -chardev file,id=charserial0,path=/home/adam/data/ironic/logs//baremetalbrbm_0_console.log -device isa-serial,chardev=charserial0,id=serial0 -chardev pty,id=charserial1 -device isa-serial,chardev=charserial1,id=serial1 -vnc 127.0.0.1:0 -device cirrus-vga,id=video0,bus=pci.0,addr=0x2 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x7
adam@trusty:~$ dmesg | grep sgab
[ 3356.326341] type=1400 audit(1422498639.571:21): apparmor="DENIED" operation="open" profile="libvirt-6a8f6fb0-afc7-4474-8cc8-63b529068a95" name="/usr/share/misc/sgabios.bin" pid=13477 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=110 ouid=0

Upgrading to 1.2.2-0ubuntu13.1.9, after spawning a machine the DENIED
errors don't show up and my console logs contain early boot stuff:

$ sudo head -n 200 /home/adam/data/ironic/logs//baremetalbrbm_0_console.log

Google, Inc.
Serial Graphics Adapter 12/07/13
SGABIOS $Id: sgabios.S 8 2010-04-22 00:03:40Z nlaredo $ (buildd@allspice) Sat 
Dec  7 23:13:17 UTC 2013
4 0
 eaBIOS (version 1.7.4-20140219_122710-roseapple)
 achine UUID 6a8f6fb0-afc7-4474-8cc8-63b529068a95
M

iPXE (http://ipxe.org) 00:04.0 CA00 PCI2.10 PnP PMM+1FFC2360+1FF22360 CA00
                                                                               


Booting from ROM...
iPXE (PCI 00:04.0) starting execution...ok
iPXE initialising devices...ok


iPXE 1.0.0+git-20131111.c3d1e78-2ubuntu1 -- Open Source Network Boot Firmware --
 http://ipxe.org
Features: HTTP HTTPS iSCSI DNS TFTP AoE bzImage ELF MBOOT PXE PXEXT Menu

net0: 52:54:00:ad:8f:fb using 82540em on PCI00:04.0 (open)
  [Link:up, TX:0 TXE:0 RX:0 RXE:0]
Configuring (net0 52:54:00:ad:8f:fb)...... ok
net0: 10.1.0.6/255.255.255.0 gw 10.1.0.1
Next server: 10.0.0.249
Filename: pxelinux.0
disk......ready.am/data/ironic/tftpboot/e0ca0012-ccf4-46b7-a85d-c88766b0fd99/ram



Thanks, Serge!

** Tags removed: verification-needed
** Tags added: verification-done

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1393548

Title:
  libvirt's apparmor profile denies access to sgabios.bin

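An added example, not part of the original bug comment or of libvirt: a small Python parser for AppArmor denial records like the one quoted above, which groups denied file accesses by profile and builds the file rule each would correspond to. The sample log text is constructed from the denial in this report, the function names are hypothetical, and the resulting rules are candidates to review against the profile, not the change shipped in 1.2.2-0ubuntu13.1.9.

```python
import re
from collections import defaultdict

# Constructed sample: the denial from this report on one line, plus an
# unrelated kernel message that must be ignored.
SAMPLE = (
    '[ 3356.326341] type=1400 audit(1422498639.571:21): apparmor="DENIED" '
    'operation="open" profile="libvirt-6a8f6fb0-afc7-4474-8cc8-63b529068a95" '
    'name="/usr/share/misc/sgabios.bin" pid=13477 comm="qemu-system-x86" '
    'requested_mask="r" denied_mask="r" fsuid=110 ouid=0\n'
    '[ 3356.400000] e1000: eth0 NIC Link is Up\n'
)

FIELD = re.compile(r'(\w+)=("([^"]*)"|\S+)')
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')
# Log-only mask letters: create (c) and delete (d) are covered by "w" in a profile.
MASK_TO_PERM = {"c": "w", "d": "w"}


def parse_denial(line):
    """Return the key/value fields of an AppArmor DENIED record, else None."""
    if 'apparmor="DENIED"' not in line:
        return None
    fields = {}
    for key, raw, quoted in FIELD.findall(line):
        if raw.startswith('"'):
            fields[key] = quoted
        elif key in ("name", "profile", "comm") and HEX.fullmatch(raw):
            # The audit layer logs strings with spaces or quotes as bare hex.
            fields[key] = bytes.fromhex(raw).decode("utf-8", "replace")
        else:
            fields[key] = raw
    return fields


def candidate_rules(log_text):
    """Map each profile to the file rules its denied accesses correspond to."""
    perms = defaultdict(set)
    for line in log_text.splitlines():
        d = parse_denial(line)
        if d and {"profile", "name", "denied_mask"} <= d.keys():
            for letter in d["denied_mask"]:
                perms[(d["profile"], d["name"])].add(MASK_TO_PERM.get(letter, letter))
    rules = defaultdict(list)
    for (profile, path), letters in sorted(perms.items()):
        rules[profile].append(f"{path} {''.join(sorted(letters))},")
    return dict(rules)


if __name__ == "__main__":
    for profile, lines in candidate_rules(SAMPLE).items():
        print(profile, *lines, sep="\n  ")
```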