I am simply using virt-manager to create virtual machines. I've got maybe half a dozen on a box, and then after a reboot they are set to start automatically and dmesg will give me those messages. This is under Ubuntu 20.04. I cannot swear they were not happening earlier, but I did not notice them.
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
 Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
 Knowledgeable human assistance, not telephone trees or script readers.
 See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.

On Fri, 5 Jun 2020, Christian Ehrhardt wrote:

> Date: Fri, 05 Jun 2020 04:23:39 -0000
> From: Christian Ehrhardt <1881...@bugs.launchpad.net>
> To: nan...@eskimo.com
> Subject: [Bug 1881969] Re: apparmor profile for libvirtd/libvirt-daemon needs fixing
>
> I'd agree and work on adding the rule upstream and into Ubuntu, but what
> I need to do is help to understand "why this triggers for you".
>
> I run libvirt locally and in many tests, but so far have never seen this
> apparmor denial.
> Although if it is a non fatal bug it is easier to miss ...
>
> The linked Debian bug (thanks paride) has a bit more details how to trigger.
> But the bug also is almost a year old and no one else has hit this, ... that
> is odd.
>
> I've set up a L1 guest with an extra disk as scsi disk
>     <disk type='file' device='disk'>
>       <driver name='qemu' type='qcow2'/>
>       <source file='/var/lib/uvtool/libvirt/images/testguest-scsi-ephem-00.qcow'/>
>       <target dev='sda' bus='scsi'/>
>       <address type='drive' controller='0' bus='0' target='0' unit='0'/>
>     </disk>
>     ...
>     <controller type='scsi' index='0' model='virtio-scsi'>
>       <address type='pci' domain='0x0000' bus='0x0a' slot='0x01' function='0x0'/>
>     </controller>
>
> In the guest that appears as scsi disk, here from lshw:
>   *-scsi
>        description: SCSI storage controller
>        product: Virtio SCSI
>        vendor: Red Hat, Inc.
>        physical id: 1
>        bus info: pci@0000:07:01.0
>        version: 00
>        width: 64 bits
>        clock: 33MHz
>        capabilities: scsi msix bus_master cap_list
>        configuration: driver=virtio-pci latency=0
>        resources: irq:23 ioport:c000(size=64) memory:fc000000-fc000fff memory:fe000000-fe003fff
>   *-disk
>        description: SCSI Disk
>        product: QEMU HARDDISK
>        vendor: QEMU
>        physical id: 0.0.0
>        bus info: scsi@0:0.0.0
>        logical name: /dev/sda
>        version: 2.5+
>        size: 4GiB (4294MB)
>        capabilities: 5400rpm
>        configuration: ansiversion=5 logicalsectorsize=512 sectorsize=512
>   *-sata
>        description: SATA controller
>        product: 82801IR/IO/IH (ICH9R/DO/DH) 6 port SATA Controller [AHCI mode]
>        vendor: Intel Corporation
>        physical id: 1f.2
>        bus info: pci@0000:00:1f.2
>        version: 02
>        width: 32 bits
>        clock: 33MHz
>        capabilities: sata msi ahci_1.0 bus_master cap_list
>        configuration: driver=ahci latency=0
>        resources: irq:41 ioport:d060(size=32) memory:fd41b000-fd41bfff
>
> Using that to define another guest:
>     <disk type='block' device='disk'>
>       <driver name='qemu' type='raw'/>
>       <source dev='/dev/sda'/>
>       <target dev='sda' bus='scsi'/>
>     </disk>
>     <controller type='scsi' index='0' model='virtio-scsi'/>
>
> But with that the guest starts fine and no apparmor denial shows up.
> Could you help by outlining how you configure your host and guest so that
> this issue triggers?
>
> Only then we have a use case that we can tie to the new apparmor rule to
> allow this.
>
> ** Changed in: libvirt (Ubuntu)
>        Status: Triaged => Incomplete
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1881969
>
> Title:
>   apparmor profile for libvirtd/libvirt-daemon needs fixing
>
> Status in libvirt package in Ubuntu:
>   Incomplete
> Status in libvirt package in Debian:
>   Incomplete
>
> Bug description:
>   Libvirtd is trying to use a capability being denied it by apparmor.
>
>   [474656.842239] audit: type=1400 audit(1591211959.677:101): apparmor="DENIED" operation="capable" profile="libvirtd" pid=3393444 comm="libvirtd" capability=17 capname="sys_rawio"
>
>   ProblemType: Bug
>   DistroRelease: Ubuntu 20.04
>   Package: libvirt-daemon 6.0.0-0ubuntu8.1
>   Uname: Linux 5.6.0 x86_64
>   ApportVersion: 2.20.11-0ubuntu27.2
>   Architecture: amd64
>   CasperMD5CheckResult: skip
>   CurrentDesktop: MATE
>   Date: Wed Jun 3 14:01:30 2020
>   InstallationDate: Installed on 2017-05-27 (1103 days ago)
>   InstallationMedia: Ubuntu-MATE 17.04 "Zesty Zapus" - Release amd64 (20170412)
>   SourcePackage: libvirt
>   UpgradeStatus: Upgraded to focal on 2020-04-26 (38 days ago)
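
Added example, not part of the original thread: a small parser for the kind of AppArmor audit record quoted in the bug description, which counts denied capability checks per profile so a maintainer can see which process and capability a denial belongs to before deciding on a profile rule. Only the first sample line comes from the report; the other lines and all function names are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timezone

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')        # key="quoted" or key=bare
STAMP = re.compile(r'audit\((\d+)\.\d+:(\d+)\)')  # audit(epoch.millis:serial)

def parse_denial(line):
    """Return the fields of an AppArmor DENIED record, or None for any other line."""
    fields = {key: value.strip('"') for key, value in FIELD.findall(line)}
    if fields.get("apparmor") != "DENIED":
        return None
    stamp = STAMP.search(line)
    if stamp:
        fields["time"] = datetime.fromtimestamp(int(stamp.group(1)), tz=timezone.utc)
        fields["serial"] = int(stamp.group(2))
    for key in ("pid", "capability"):
        if key in fields:
            fields[key] = int(fields[key])
    return fields

def capability_denials(lines):
    """Count denied capability checks per (profile, comm, capname)."""
    counts = Counter()
    for line in lines:
        rec = parse_denial(line)
        if rec and rec.get("operation") == "capable":
            counts[(rec["profile"], rec["comm"], rec.get("capname", "?"))] += 1
    return counts

SAMPLE_LINES = [
    # Record quoted in the bug description.
    '[474656.842239] audit: type=1400 audit(1591211959.677:101): apparmor="DENIED" '
    'operation="capable" profile="libvirtd" pid=3393444 comm="libvirtd" '
    'capability=17 capname="sys_rawio"',
    # Everything below is constructed for this example.
    '[474660.000001] audit: type=1400 audit(1591211963.000:102): apparmor="DENIED" '
    'operation="capable" profile="libvirtd" pid=1234 comm="libvirtd" '
    'capability=17 capname="sys_rawio"',
    '[474661.000001] audit: type=1400 audit(1591211964.000:103): apparmor="DENIED" '
    'operation="open" profile="libvirtd" name="/constructed/example/path" pid=1234 '
    'comm="libvirtd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0',
    '[474662.000001] audit: type=1400 audit(1591211965.000:104): apparmor="ALLOWED" '
    'operation="capable" profile="constructed-profile" pid=99 comm="example" '
    'capability=17 capname="sys_rawio"',
    '[474663.000001] constructed kernel message that is not an audit record',
]

if __name__ == "__main__":
    for (profile, comm, cap), n in capability_denials(SAMPLE_LINES).items():
        print(f"{n}x profile={profile} comm={comm} capability={cap}")
```

On a live host the same functions can be fed the lines of `dmesg` output instead of `SAMPLE_LINES`.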