[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
Hey all, I had this exact same error pop up for me recently, but the fix was completely different. Upon further investigation of /var/log/libvirt/qemu/, I saw that the KVM was attempting to mount a physical CDrom when there was no CDROM in the CD tray. Because of that, it was giving me the same error as listed in the original error. However, I was not having any problems getting other KVMs working properly. The fix, for this problem was to open the KVM's details (I am using virtual machine manager in 10.04), and disconnect the CDROM device. I hope this helps other people. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/517714 Title: [Lucid] Error starting domain: could not remove profile -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
This bug is fixed in Lucid. People who are still having problems should file a new bug with 'ubuntu-bug libvirt'. ** Changed in: libvirt (Ubuntu Lucid) Status: Confirmed => Fix Released -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/engine.py", line 588, in run_domain vm.startup() File "/usr/share/virt-manager/virtManager/domain.py", line 150, in startup self._backend.create() File "/usr/lib/python2.6/dist-packages/libvirt.py", line 300, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirtError: monitor socket did not show up.: Connection refused -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/engine.py", line 588, in run_domain vm.startup() File "/usr/share/virt-manager/virtManager/domain.py", line 150, in startup self._backend.create() File "/usr/lib/python2.6/dist-packages/libvirt.py", line 300, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirtError: monitor socket did not show up.: Connection refused ** Changed in: libvirt (Ubuntu Lucid) Status: Fix Released => Confirmed -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
Hey guys, I know this has been closed a while, but was still getting the error when trying to start a VM in Lucid RC: libvirtError: monitor socket did not show up.: Connection refused When I updated my file and rebooted I'm now getting: Unable to open connection to hypervisor URI 'qemu:///system': unable to connect to '/var/run/libvirt/libvirt-sock': No such file or directory Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/connection.py", line 896, in _try_open None], flags) File "/usr/lib/python2.6/dist-packages/libvirt.py", line 111, in openAuth if ret is None:raise libvirtError('virConnectOpenAuth() failed') libvirtError: unable to connect to '/var/run/libvirt/libvirt-sock': No such file or directory I uninstalled libvirt0 (and everything that depended on it) and then re- installed ubuntu-virt-server and ubuntu-virt-mgmt and now I'm back to the first error (Connection refused). I'm using a fakeraid array with /dev/mapper. Could this be causing this? -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
I've been should on before, but I did remove my comment and everything still works even after a system reboot. I withdraw my complaint. Shame on me. Of course now I have no idea what originally caused it to not work, but I've been trusting in FM for a long time. -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
AppArmor should not be not causing this connection refused message because skogs said there is nothing in the dmesg indicating a denial. Indeed, skogs removal of 'audit deny /etc/apparmor.d/libvirt/** wxl,' should not have done anything because the libvirtd profile disallows this access regardless (and that rule just makes sure it is logged. What probably happened is the libvirtd restart or system reboot 'cleaned up' libvirt so it would function correctly again. Please file a different bug-- this one is fixed. -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
I am also seeing the same connection refused error as skogs. Should we open a separate ticket about it? -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
I don't suppose there is any explanation why I just upgraded to 10.04 and this popped back up ehh? Error reported in window: "Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/engine.py", line 588, in run_domain vm.startup() File "/usr/share/virt-manager/virtManager/domain.py", line 150, in startup self._backend.create() File "/usr/lib/python2.6/dist-packages/libvirt.py", line 300, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirtError: monitor socket did not show up.: Connection refused" Attempted: "sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd" to no avail. Nothing generated in dmesg output during error. -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
commented out the following line and fixed my issues. audit deny /etc/apparmor.d/libvirt/** wxl, -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
This bug was fixed in the package libvirt - 0.7.5-5ubuntu24 --- libvirt (0.7.5-5ubuntu24) lucid; urgency=low * debian/apparmor/usr.lib.libvirt.virt-aa-helper: eek, the /dev change from the last upload was a wee bit too aggressive. Revert that and allow access to .img, .qcow{,2}, and .vmdk (file extensions that actually support backingstore) and .[iI][sS][oO] since it is so common (LP: #517714) -- Jamie StrandbogeThu, 15 Apr 2010 08:52:27 -0500 ** Changed in: libvirt (Ubuntu Lucid) Status: Fix Committed => Fix Released -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
The fixed "usr.lib.libvirt.virt-aa-helper" from Jamie and a "apparmor_parser -r /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper" helps and the guest is starting again. The newest kernel, apparmor and libs fixed my problem with 100% load and very slow guests. -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
Martin, the 100% CPU load is a different issue (see bug #549428). ** Changed in: libvirt (Ubuntu Lucid) Status: In Progress => Fix Committed -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
I've the same problem since the latest updates to the kernel (2.6.32-20-server -> 2.6.32-21-server), some updates to apparmor/profiles and libvirt. Since some days I've 100% cpu load with 10.04 guest and host (4 cpus, lvm2, virtio net and hd). So I can't use any guest. -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
The attached profile for virt-aa-helper should fix the issue. Please report back if you have any problems with it. ** Attachment added: "usr.lib.libvirt.virt-aa-helper" http://launchpadlibrarian.net/44268510/usr.lib.libvirt.virt-aa-helper ** Changed in: libvirt (Ubuntu Lucid) Status: Triaged => In Progress -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
Yes, I can confirm this once I unload all my VM profiles. I had a hard time confirming because they were already loaded and didn't unoload on VM shutdown/destroy. The 'deny /dev/** mrwkl,' is much too zealous. ** Changed in: libvirt (Ubuntu Lucid) Status: Incomplete => Confirmed ** Changed in: libvirt (Ubuntu Lucid) Status: Confirmed => Triaged ** Changed in: libvirt (Ubuntu Lucid) Milestone: lucid-alpha-3 => ubuntu-10.04 -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
That worked for me, Jamie! :) -RR -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
Can people seeing this issue comment out the following line in /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper: #deny /dev/** mrwkl, Then perform: $ sudo apparmor_parser -r /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper Please report back if the machine starts (don't worry about denied messages at this point if the machine starts). -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
dmesg output: [ 1341.500672] type=1503 audit(1271335124.806:17): operation="open" pid=15949 parent=1779 profile="/usr/lib/libvirt/virt-aa-helper" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/data/sas/vmimages/zimbra.img" [ 1341.500853] type=1503 audit(1271335124.806:18): operation="open" pid=15949 parent=1779 profile="/usr/lib/libvirt/virt-aa-helper" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/data/sas/isos/jeos-8.04.3-jeos-i386.iso" [ 1341.509836] device vnet0 entered promiscuous mode [ 1341.512314] br1: port 2(vnet0) entering learning state [ 1341.640057] br1: port 2(vnet0) entering disabled state [ 1341.718121] device vnet0 left promiscuous mode [ 1341.718125] br1: port 2(vnet0) entering disabled state no libvirt xml because the error happens during "virt-install" -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
Reverting /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper as described above worked for me. -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/engine.py", line 588, in run_domain vm.startup() File "/usr/share/virt-manager/virtManager/domain.py", line 150, in startup self._backend.create() File "/usr/lib/python2.6/dist-packages/libvirt.py", line 300, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirtError: could not remove profile for 'libvirt-f56646fb-00e2-d2db-b1c1-fb78c49d66ca' dmesg: [ 378.512081] device vnet0 entered promiscuous mode [ 378.514705] br0: port 2(vnet0) entering forwarding state [ 378.531817] br0: port 2(vnet0) entering disabled state [ 378.560888] device vnet0 left promiscuous mode [ 378.560892] br0: port 2(vnet0) entering disabled state /var/log/libvirt/qemu: libvir: Security Labeling error : error calling aa_change_profile() -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
dmesg output: [ 160.754633] device vnet0 entered promiscuous mode [ 160.755215] br0: port 2(vnet0) entering learning state [ 160.756086] device vnet1 entered promiscuous mode [ 160.756580] br1: port 2(vnet1) entering learning state [ 160.824741] br0: port 2(vnet0) entering disabled state [ 160.861780] device vnet0 left promiscuous mode [ 160.861783] br0: port 2(vnet0) entering disabled state [ 160.932202] br1: port 2(vnet1) entering disabled state [ 160.971772] device vnet1 left promiscuous mode [ 160.971775] br1: port 2(vnet1) entering disabled state libvirt-bin: Installed: 0.7.5-5ubuntu23 Candidate: 0.7.5-5ubuntu23 Version table: *** 0.7.5-5ubuntu23 0 500 http://de.archive.ubuntu.com/ubuntu/ lucid/main Packages 100 /var/lib/dpkg/status XML file for machine (from OpenNebula, but that does not matter here since I start the machine locally by hand): one-103 3145728 hvm /usr/bin/kvm -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
Can people post the output of of 'dmesg' after they see this error. Also, can you give the XML for the machine that is failing to start (virsh dumpxml ')? ** Also affects: libvirt (Ubuntu Lucid) Importance: Critical Assignee: Jamie Strandboge (jdstrand) Status: Fix Released ** Changed in: libvirt (Ubuntu Lucid) Status: Fix Released => Incomplete -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
Since Ubuntu counts "me too!!" as people affected: ME TOO!! Nothing more to add. -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
I also encountered this issue just now. It is caused by an update of the apparmor profile: --- /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper 2010-04-14 14:19:00.0 +0200 +++ /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper.dpkg-dist2010-04-15 08:17:39.0 +0200 @@ -3,6 +3,7 @@ /usr/lib/libvirt/virt-aa-helper { #include + #include # needed for searching directories capability dac_override, @@ -14,9 +15,30 @@ deny @{PROC}/[0-9]*/mounts r, @{PROC}/filesystems r, + # for hostdev + /sys/devices/ r, + /sys/devices/** r, + /usr/lib/libvirt/virt-aa-helper mr, /sbin/apparmor_parser Ux, /etc/apparmor.d/libvirt/* r, /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw, + + # For backingstore, virt-aa-helper needs to peek inside the disk image, so + # allow access to non-hidden files in @{HOME} as well as storage pools, and + # removable media and filesystems. A virt-aa-helper failure when checking a + # disk for backinsgstore is non-fatal (but obviously the backingstore won't + # be added). + audit deny @{HOME}/.* mrwkl, + audit deny @{HOME}/.*/ rw, + audit deny @{HOME}/.*/** mrwkl, + audit deny @{HOME}/bin/ rw, + audit deny @{HOME}/bin/** mrwkl, + @{HOME}/ r, + @{HOME}/** r, + /var/lib/libvirt/images/ r, + /var/lib/libvirt/images/** r, + /{media,mnt,opt,srv}/** r, + deny /dev/** mrwkl, } I reverted to the old one and virt-manager was able to start virtual machines again. -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
Just to chime in: I had this bug this morning (Apr 15) after I ran upgraded my Lucid: "Error starting domain: could not remove profile for 'libvirt-55359786-ed36-5577-0d71-f252432b9388'" raceback (most recent call last): File "/usr/share/virt-manager/virtManager/engine.py", line 588, in run_domain vm.startup() File "/usr/share/virt-manager/virtManager/domain.py", line 150, in startup self._backend.create() File "/usr/lib/python2.6/dist-packages/libvirt.py", line 300, in create if ret == -1: raise libvirtError ('virDomainCreate() failed', dom=self) libvirtError: could not remove profile for 'libvirt-55359786-ed36-5577-0d71-f252432b9388' virt-manager: Installed: 0.8.2-2ubuntu8 Candidate: 0.8.2-2ubuntu8 Version table: *** 0.8.2-2ubuntu8 0 500 http://gb.archive.ubuntu.com/ubuntu/ lucid/main Packages 100 /var/lib/dpkg/status LSB Version: core-2.0-amd64:core-2.0-noarch:core-3.0-amd64:core-3.0-noarch:core-3.1-amd64:core-3.1-noarch:core-3.2-amd64:core-3.2-noarch:core-4.0-amd64:core-4.0-noarch:cxx-3.0-amd64:cxx-3.0-noarch:cxx-3.1-amd64:cxx-3.1-noarch:cxx-3.2-amd64:cxx-3.2-noarch:cxx-4.0-amd64:cxx-4.0-noarch:desktop-3.1-amd64:desktop-3.1-noarch:desktop-3.2-amd64:desktop-3.2-noarch:desktop-4.0-amd64:desktop-4.0-noarch:graphics-2.0-amd64:graphics-2.0-noarch:graphics-3.0-amd64:graphics-3.0-noarch:graphics-3.1-amd64:graphics-3.1-noarch:graphics-3.2-amd64:graphics-3.2-noarch:graphics-4.0-amd64:graphics-4.0-noarch:printing-3.2-amd64:printing-3.2-noarch:printing-4.0-amd64:printing-4.0-noarch:qt4-3.1-amd64:qt4-3.1-noarch -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
This bug still exists on karmic -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
This bug was fixed in the package libvirt - 0.7.5-5ubuntu6 --- libvirt (0.7.5-5ubuntu6) lucid; urgency=low * debian/patches/9013-apparmor-dont-clear-caps.patch: Don't clear capabilities when calling virt-aa-helper. When built with libcap-ng, clearing caps makes virt-aa-helper lose MAC_ADMIN, which is (obviously) needed by apparmor_parser. This restores libcap-ng behavior to what it was when not built with libcap-ng. (LP: #517714) -- Jamie StrandbogeFri, 05 Feb 2010 16:48:42 -0600 ** Changed in: libvirt (Ubuntu) Status: In Progress => Fix Released -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
flolle, please do not disable all of the profiles. This is not needed and there are many profiles in place that are not causing the problem. To workaround this, you can edit qemu.conf as suggested (and restart libvirtd), or simply temporarily disable the apparmor profile until a reboot with: $ sudo apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd ** Changed in: libvirt (Ubuntu) Status: Confirmed => Triaged ** Changed in: libvirt (Ubuntu) Status: Triaged => In Progress -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
As a workaround to this problem, disabling the apparmor profiles helped. I disabled all profiles, but it might be a good idea to only disable the profiles of libvirt. To disable all profiles you may use: sudo aa-complain /etc/apparmor.d/* More Information can be found at https://help.ubuntu.com/community/AppArmor -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
I just encountered the same error. After reading the blog post at http://penguindroppings.wordpress.com/2009/11/03/apparmor-svirt-security-driver-for-libvirt/ I tried to set security_driver = "none" in /etc/libvirt/quemu.conf but the problem still occurs. Can I somehow help solving this problem? -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
I see that in my logs too. Let me know if there's anything else you need from me. Thanks for being so responsive. -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
Actually, this is not a profiling issue. The error from /var/log/libvirt/qemu/log is: libvir: Security Labeling error : error calling aa_change_profile() ** Changed in: libvirt (Ubuntu) Status: Incomplete => Confirmed ** Changed in: libvirt (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) ** Changed in: libvirt (Ubuntu) Importance: High => Critical -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
Sure... attempts from two different VMs... [ 1287.883490] type=1503 audit(1265396838.963:19): operation="profile_replace" pid=5756 [ 1287.896774] device vnet0 entered promiscuous mode [ 1287.897141] br0: port 2(vnet0) entering forwarding state [ 1287.930561] br0: port 2(vnet0) entering disabled state [ 1287.960322] device vnet0 left promiscuous mode [ 1287.960326] br0: port 2(vnet0) entering disabled state [ 1331.035140] type=1503 audit(1265396882.114:20): operation="profile_replace" pid=5810 [ 1331.049876] device vnet0 entered promiscuous mode [ 1331.050380] virbr0: topology change detected, propagating [ 1331.050384] virbr0: port 1(vnet0) entering forwarding state [ 1331.090549] virbr0: port 1(vnet0) entering disabled state [ 1331.120416] device vnet0 left promiscuous mode [ 1331.120421] virbr0: port 1(vnet0) entering disabled state I haven't touched apparmor in any way. -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
That last message was intended for Chad. Chad, can you attach your dmesg after seeing the failure? ** Package changed: virt-manager (Ubuntu) => libvirt (Ubuntu) ** Changed in: libvirt (Ubuntu) Status: Confirmed => Incomplete ** Tags added: apparmor -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
Dustin, can you attach the dmesg from immediately after this happens -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
[Bug 517714] Re: [Lucid] Error starting domain: could not remove profile
** Changed in: virt-manager (Ubuntu) Importance: Undecided => High ** Changed in: virt-manager (Ubuntu) Status: New => Confirmed ** Changed in: virt-manager (Ubuntu) Milestone: None => lucid-alpha-3 -- [Lucid] Error starting domain: could not remove profile https://bugs.launchpad.net/bugs/517714 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs