--
Mariano Absatz - El Baby
www.clueless.com.ar

On Fri, Jul 8, 2016 at 1:19 PM, Mariano Absatz - gmail <[email protected]>
wrote:

>
> On Sun, Jun 26, 2016 at 1:00 PM, intrigeri <[email protected]> wrote:
>
>> Mariano Absatz - gmail wrote (18 Jun 2016 17:09:02 GMT) :
>> > I just installed a new computer with ubuntu 16.04. I have been using a
>> > tails on a usb drive within a qemu/kvm virtual machine as explained in
>> >
>> https://tails.boum.org/doc/advanced_topics/virtualization/virt-manager/index.en.html
>>
>> > My other machines are ubuntu 14.04 (with virt-manager 0.9.5). This new
>> one
>> > has virt-manager 1.3.2 and, following the same instructions, when I
>> > configure the USB drive for booting I get a "No bootable device" on the
>> VM.
>>
>> > The VM does boot from the ISO drive.
>>
>> > Any hints?
>>
>> Any AppArmor "DENIED" messages in the output of "sudo journalctl",
>> maybe?
>>
>

> Hi intrigeri,
> thanks for your help. As you suspected, AppArmor seems to be the problem
> (see log below).
> Do you know where I can read about convincing AppArmor to let me boot the
> vm from USB?
> Jul 08 13:09:23 muriel audit[28013]: AVC apparmor="DENIED"
> operation="open" profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/c189:1" pid=28013 comm="qemu-system-x86" requested_mas
> Jul 08 13:09:23 muriel audit[28013]: AVC apparmor="DENIED"
> operation="open" profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/c189:9" pid=28013 comm="qemu-system-x86" requested_mas
> Jul 08 13:09:23 muriel audit[28013]: AVC apparmor="DENIED"
> operation="open" profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/c189:5" pid=28013 comm="qemu-system-x86" requested_mas
> Jul 08 13:09:23 muriel audit[28013]: AVC apparmor="DENIED"
> operation="open" profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/c189:3" pid=28013 comm="qemu-system-x86" requested_mas
> Jul 08 13:09:23 muriel audit[28013]: AVC apparmor="DENIED"
> operation="open" profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/c189:0" pid=28013 comm="qemu-system-x86" requested_mas
> Jul 08 13:09:23 muriel audit[28013]: AVC apparmor="DENIED"
> operation="open" profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/c189:128" pid=28013 comm="qemu-system-x86" requested_m
> Jul 08 13:09:23 muriel audit[28013]: AVC apparmor="DENIED"
> operation="open" profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/+usb:1-0:1.0" pid=28013 comm="qemu-system-x86" request
> Jul 08 13:09:23 muriel audit[28013]: AVC apparmor="DENIED"
> operation="open" profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/+usb:1-1:1.0" pid=28013 comm="qemu-system-x86" request
> Jul 08 13:09:23 muriel audit[28013]: AVC apparmor="DENIED"
> operation="open" profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/+usb:1-1:1.1" pid=28013 comm="qemu-system-x86" request
> Jul 08 13:09:23 muriel audit[28013]: AVC apparmor="DENIED"
> operation="open" profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/+usb:1-1:1.2" pid=28013 comm="qemu-system-x86" request
> Jul 08 13:09:23 muriel audit[28013]: AVC apparmor="DENIED"
> operation="open" profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/+usb:1-3:1.0" pid=28013 comm="qemu-system-x86" request
> Jul 08 13:09:23 muriel audit[28013]: AVC apparmor="DENIED"
> operation="open" profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/+usb:1-5:1.0" pid=28013 comm="qemu-system-x86" request
> Jul 08 13:09:23 muriel audit[28013]: AVC apparmor="DENIED"
> operation="open" profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/+usb:1-5:1.1" pid=28013 comm="qemu-system-x86" request
> Jul 08 13:09:23 muriel audit[28013]: AVC apparmor="DENIED"
> operation="open" profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/+usb:1-6:1.0" pid=28013 comm="qemu-system-x86" request
> Jul 08 13:09:23 muriel audit[28013]: AVC apparmor="DENIED"
> operation="open" profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/+usb:1-6:1.1" pid=28013 comm="qemu-system-x86" request
> Jul 08 13:09:23 muriel audit[28013]: AVC apparmor="DENIED"
> operation="open" profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/+usb:2-0:1.0" pid=28013 comm="qemu-system-x86" request
> Jul 08 13:09:23 muriel kernel: audit: type=1400 audit(1467994163.675:98):
> apparmor="DENIED" operation="open"
> profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/c189:1" pid=28013 com
> Jul 08 13:09:23 muriel kernel: audit: type=1400 audit(1467994163.675:99):
> apparmor="DENIED" operation="open"
> profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/c189:9" pid=28013 com
> Jul 08 13:09:23 muriel kernel: audit: type=1400 audit(1467994163.675:100):
> apparmor="DENIED" operation="open"
> profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/c189:5" pid=28013 co
> Jul 08 13:09:23 muriel kernel: audit: type=1400 audit(1467994163.675:101):
> apparmor="DENIED" operation="open"
> profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/c189:3" pid=28013 co
> Jul 08 13:09:23 muriel kernel: audit: type=1400 audit(1467994163.675:102):
> apparmor="DENIED" operation="open"
> profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/c189:0" pid=28013 co
> Jul 08 13:09:23 muriel kernel: audit: type=1400 audit(1467994163.675:103):
> apparmor="DENIED" operation="open"
> profile="libvirt-0e74a57c-e09a-4f88-921a-60a375a366e9"
> name="/run/udev/data/c189:128" pid=28013


OK. I managed to find out, but your help was invaluable.

According to
https://help.ubuntu.com/community/KVM/Managing#Apparmor_Modification

I added to my /etc/apparmor.d/abstractions/libvirt-qemu file the following:

  /dev/bus/usb/*/[0-9]* rw,

But that wasn't enough. Reading the specific messages on the systemd
journal I had to add 2 more lines there:

  /run/udev/data/c189:* rw,
  /run/udev/data/+usb* rw,

and after restarting the apparmor service tails booted alright from the usb
drive.

I'm posting this in the hope that someone else can benefit from it and I'd
like to thank intrigeri again for his/her help guiding me.

--
Mariano Absatz - El Baby
www.clueless.com.ar
_______________________________________________
tails-support mailing list
[email protected]
https://mailman.boum.org/listinfo/tails-support
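
Added example (not part of the original post): a small Python script that turns AppArmor "DENIED" journal lines like those quoted above into candidate profile rules, taking each rule's permission from the logged denied_mask. The sample log, its profile UUID and mask values are constructed, and the path-collapsing heuristic in generalize() is an assumption of this example.

```python
import re
from collections import defaultdict

# Constructed sample in the journal's AppArmor format. The profile UUID, PID and
# mask values are made up; the log lines in the thread are cut off before the mask.
PROFILE = "libvirt-00000000-0000-0000-0000-000000000000"
SAMPLE_LOG = "\n".join(
    f'Jul 08 13:09:23 host audit[4242]: AVC apparmor="DENIED" operation="open" '
    f'profile="{PROFILE}" name="{name}" pid=4242 comm="qemu-system-x86" '
    f'requested_mask="{mask}" denied_mask="{mask}"'
    for name, mask in [
        ("/run/udev/data/c189:1", "r"),
        ("/run/udev/data/c189:128", "r"),
        ("/run/udev/data/+usb:1-0:1.0", "r"),
        ("/run/udev/data/+usb:1-5:1.1", "r"),
        ("/dev/bus/usb/001/004", "rw"),
    ]
) + '\nJul 08 13:09:24 host kernel: audit: type=1400 apparmor="STATUS" operation="profile_replace"'

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted" or key=bare

def parse_denials(log_text):
    """Yield (profile, path, denied_mask) for every AppArmor file denial."""
    for line in log_text.splitlines():
        fields = {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}
        if fields.get("apparmor") == "DENIED" and "name" in fields:
            yield fields.get("profile", "?"), fields["name"], fields.get("denied_mask", "")

def generalize(path):
    """Collapse per-device names into one glob (heuristic assumed for this example)."""
    path = re.sub(r"^(/run/udev/data/[^:/]+:).*$", r"\1*", path)
    return re.sub(r"^/dev/bus/usb/\d+/\d+$", "/dev/bus/usb/*/[0-9]*", path)

def suggest_rules(log_text):
    """Return {profile: [rule, ...]}, each rule carrying only the denied permissions."""
    perms = defaultdict(lambda: defaultdict(set))
    for profile, path, mask in parse_denials(log_text):
        perms[profile][generalize(path)].update(mask)
    # Only r and w appear in the sample; other mask letters need mapping by hand.
    return {
        profile: [f"  {glob} {''.join(sorted(m)) or '?'}," for glob, m in sorted(globs.items())]
        for profile, globs in perms.items()
    }

if __name__ == "__main__":
    for profile, rules in suggest_rules(SAMPLE_LOG).items():
        print(f"# candidate rules for {profile}")
        print("\n".join(rules))
```

The journal lines quoted in the thread are truncated before the mask fields; `journalctl --no-pager` prints them in full.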