Public bug reported:
Apparmor denise libvirt access to a number of important directories.
syslog.4:Dec 12 17:18:08 nuc2 kernel: [54334.001494] type=1400
audit(1418404688.659:48): apparmor="DENIED" operation="open"
profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660"
name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=108 ouid=0
syslog.4:Dec 12 17:18:09 nuc2 kernel: [54334.537222] type=1400
audit(1418404689.195:49): apparmor="DENIED" operation="open"
profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660"
name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=108 ouid=0
syslog.4:Dec 12 17:18:09 nuc2 kernel: [54334.745412] type=1400
audit(1418404689.403:50): apparmor="DENIED" operation="open"
profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660"
name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=108 ouid=0
syslog.4:Dec 12 17:18:09 nuc2 kernel: [54334.808978] type=1400
audit(1418404689.467:51): apparmor="DENIED" operation="open"
profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660"
name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=108 ouid=0
syslog.4:Dec 12 17:18:09 nuc2 kernel: [54334.858862] type=1400
audit(1418404689.515:52): apparmor="DENIED" operation="open"
profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660"
name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=108 ouid=0
syslog.4:Dec 12 17:18:09 nuc2 kernel: [54334.909608] type=1400
audit(1418404689.567:53): apparmor="DENIED" operation="open"
profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660"
name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=108 ouid=0
syslog.4:Dec 12 17:18:09 nuc2 kernel: [54334.976979] type=1400
audit(1418404689.635:54): apparmor="DENIED" operation="open"
profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660"
name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=108 ouid=0
syslog.4:Dec 12 18:25:25 nuc2 kernel: [58368.978163] type=1400
audit(1418408725.790:56): apparmor="DENIED" operation="open"
profile="libvirt-c2f29087-8453-4441-a27d-716666fcd7a5"
name="/var/lib/charm/ceph/ceph.conf" pid=19293 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=108 ouid=0
syslog.4:Dec 12 18:25:25 nuc2 kernel: [58368.979670] type=1400
audit(1418408725.790:57): apparmor="DENIED" operation="open"
profile="libvirt-c2f29087-8453-4441-a27d-716666fcd7a5" name="/tmp/" pid=19293
comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0
syslog.4:Dec 12 18:25:25 nuc2 kernel: [58368.979680] type=1400
audit(1418408725.790:58): apparmor="DENIED" operation="open"
profile="libvirt-c2f29087-8453-4441-a27d-716666fcd7a5" name="/var/tmp/"
pid=19293 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108
ouid=0
In this case the machine was installed using juju and maas. Specific
charms in play on this machine are ceph, and nova-compute.
I'm not sure if the juju charms need to be updated or if the libvirt
template needs to be updated or something else altogether.
It's important to not that without ceph apparmor still denies access to
/tmp and /var/tmp
ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: libvirt-bin 1.2.2-0ubuntu13.1.7
ProcVersionSignature: User Name 3.13.0-35.62-generic 3.13.11.6
Uname: Linux 3.13.0-35-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.6
Architecture: amd64
Date: Wed Dec 17 21:15:20 2014
KernLog:
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
XDG_RUNTIME_DIR=<set>
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: libvirt
UpgradeStatus: No upgrade log present (probably fresh install)
modified.conffile..etc.default.libvirt.bin: [modified]
modified.conffile..etc.libvirt.libvirtd.conf: [modified]
modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission
denied: '/etc/libvirt/qemu.conf']
mtime.conffile..etc.default.libvirt.bin: 2014-12-12T02:21:56.792085
mtime.conffile..etc.libvirt.libvirtd.conf: 2014-12-12T02:21:49.403764
** Affects: libvirt (Ubuntu)
Importance: Undecided
Status: Incomplete
** Affects: ceph (Juju Charms Collection)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug trusty uec-images
** Also affects: ceph (Juju Charms Collection)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/1403648
Title:
Apparmor denies qemu access to a number of important directories.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1403648/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
