One workaround is to do

aa-complain /etc/apparmor.d/libvirt/libvirt-<UUID>

You may need to

touch /etc/apparmor.d/libvirt/libvirt-<UUID>.files

because the .files may not be present; it is created and removed
dynamically by libvirt.

Another workaround is to (accidentally) break the apparmor profile so it
can't be correctly parsed. I believe that in this case, libvirt launches
the VM anyway, but with no apparmor profile ... this is a bit sneaky.

So if you want to investigate apparmor, you have to see the
libvirt-<UUID> profile in aa-status. It defaults to enforce. If it's not
there, fix the problem.

With aa-enforce on, VM launch fails but there is no logging anywhere I can
find of a DENIED message.
So as an absolute apparmor beginner, I have no clues.

The best I can do is with strace on the libvirtd process

root@elecgear:/home/tim# strace -f -p 4818 2>&1 | grep memfd
[pid 11307] memfd_create("test", MFD_CLOEXEC|MFD_ALLOW_SEALING) = 3
[pid 11307] memfd_create("test", MFD_CLOEXEC|MFD_HUGETLB) = 3
[pid 11307] memfd_create("memory-backend-memfd", MFD_CLOEXEC|MFD_ALLOW_SEALING|MFD_HUGETLB|21<<MFD_HUGE_SHIFT) = 20
[pid 11307] write(2, "failed to resize memfd to 214748"..., 55) = 55



** Summary changed:

- hugepages causes permissions error [invalid, page pool too small]
+ hugepages causes permissions error [apparmor profile]

https://bugs.launchpad.net/bugs/2073214

Title:
  hugepages causes permissions error [apparmor profile]
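
The check described in the message above (is the per-VM libvirt-<UUID> profile loaded, and is anything logged against it), as an added example that is not part of the original bug comment. The log lines, UUID and paths are constructed placeholders; in complain mode AppArmor logs ALLOWED instead of DENIED, so both are collected.

```python
import re
from collections import Counter

# Constructed placeholder profile name and kernel-log lines (not from the bug report).
VM = "libvirt-11111111-2222-3333-4444-555555555555"
SAMPLE_LOG = f"""\
Jul 16 10:00:01 host kernel: audit: type=1400 audit(1721124001.101:310): apparmor="STATUS" operation="profile_load" profile="unconfined" name="{VM}" pid=4900 comm="apparmor_parser"
Jul 16 10:00:02 host kernel: audit: type=1400 audit(1721124002.202:311): apparmor="DENIED" operation="open" profile="{VM}" name="/example/denied/path" pid=11307 comm="qemu-system-x86" requested_mask="rw" denied_mask="rw" fsuid=64055 ouid=0
Jul 16 10:00:03 host kernel: audit: type=1400 audit(1721124003.303:312): apparmor="ALLOWED" operation="open" profile="{VM}" name="/example/complain/path" pid=11307 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
Jul 16 10:00:04 host kernel: audit: type=1400 audit(1721124004.404:313): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/example/other" pid=800 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
VM_PROFILE = re.compile(r'^libvirt-[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}$')


def parse_line(line):
    """Return the key=value fields of an AppArmor audit record, or None."""
    if "apparmor=" not in line:
        return None
    return {k: quoted or bare for k, quoted, bare in FIELD.findall(line)}


def records(log):
    """Yield parsed AppArmor records from a multi-line log string."""
    for line in log.splitlines():
        rec = parse_line(line)
        if rec is not None:
            yield rec


def loaded_vm_profiles(log):
    """Per-VM profiles that the log shows being loaded or replaced."""
    ops = ("profile_load", "profile_replace")
    return {r.get("name", "") for r in records(log)
            if r.get("apparmor") == "STATUS" and r.get("operation") in ops
            and VM_PROFILE.match(r.get("name", ""))}


def summarize(log):
    """Count DENIED/ALLOWED events raised under per-VM libvirt profiles."""
    return Counter(
        (r["apparmor"], r.get("operation", ""), r.get("name", ""), r.get("denied_mask", ""))
        for r in records(log)
        if r.get("apparmor") in ("DENIED", "ALLOWED")
        and VM_PROFILE.match(r.get("profile", "")))


if __name__ == "__main__":
    print("loaded:", sorted(loaded_vm_profiles(SAMPLE_LOG)))
    for key, count in summarize(SAMPLE_LOG).items():
        print(count, *key)
```

An empty summary alongside a loaded profile matches the situation reported above: the profile is in place but nothing was logged against it.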
