Package: libvirt-daemon-system Version: 3.0.0-4+deb9u1 Severity: normal Hi,
on a Debian/stretch system with a current kernel from stretch-backports, I tried putting together a qemu/libvirtd/virt-manager setup and noticed that libvirt was not able to properly shut down VMs that it had started. The problem was observable in at least two ways: (1) Triggering the "shut down" action from virt-manager leads to a Windows VM showing the shutdown screen, the mouse cursor can no longer be moved. Typing "list" in virsh tells me that the VM is in state "in shutdown". (2) Typing "destroy $NAME" in virsh produces an error message: ,---- | error: Failed to destroy domain $NAME | error: Failed to terminate process $PID with SIGTERM: Permission denied `---- Manually killing the qemu process and repeating the "destroy" command leads to the desired result (state "shut off"). >From the audit log, it is clear that AppArmor (which is enabled by default in the kernel from stretch-backports) prevents the delivery of signals. I was able to fix the issue for myself by using /etc/apparmor.d/* from a newer libvirt-daemon-system version (3.10.0-1). Please consider doing at least one of the following: - an update of the AppArmor profile through proposed-updates and the next point release - an update of libvirt via stretch-backports. I am willing to help with either solution. Cheers, -Hilko -- System Information: Debian Release: 9.3 APT prefers stable APT policy: (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.14.0-0.bpo.3-amd64 (SMP w/8 CPU cores) Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) Versions of packages libvirt-daemon-system depends on: ii adduser 3.115 ii debconf [debconf-2.0] 1.5.61 ii gettext-base 0.19.8.1-2 ii init-system-helpers 1.48 ii iptables 1.6.0+snapshot20161117-6 ii libapparmor1 2.11.0-3 ii libaudit1 1:2.6.7-2 ii libblkid1 2.29.2-1 ii libc6 2.24-11+deb9u1 ii libcap-ng0 0.7.7-3+b1 ii libdbus-1-3 1.10.24-0+deb9u1 ii libdevmapper1.02.1 2:1.02.137-2 ii libnl-3-200 3.2.27-2 ii libnl-route-3-200 3.2.27-2 ii libnuma1 2.0.11-2.1 ii librados2 10.2.5-7.2 ii librbd1 10.2.5-7.2 ii libselinux1 2.6-3+b3 ii libvirt-clients 3.0.0-4+deb9u1 ii libvirt-daemon 3.0.0-4+deb9u1 ii libvirt0 3.0.0-4+deb9u1 ii libxml2 2.9.4+dfsg1-2.2+deb9u2 ii libyajl2 2.1.0-2+b3 ii logrotate 3.11.0-0.1 ii lsb-base 9.20161125 ii policykit-1 0.105-18 Versions of packages libvirt-daemon-system recommends: ii bridge-utils 1.5-13+deb9u1 ii dmidecode 3.0-4 ii dnsmasq-base 2.76-5+deb9u1 ii ebtables 2.0.10.4-3.5+b1 ii iproute2 4.9.0-1+deb9u1 ii parted 3.2-17 Versions of packages libvirt-daemon-system suggests: ii apparmor 2.11.0-3 ii auditd 1:2.6.7-2 ii nfs-common 1:1.3.4-2.1 ii pm-utils 1.4.1-17 pn radvd <none> ii systemd 232-25+deb9u1 ii systemtap 3.1-2 pn zfsutils <none>