Public bug reported: Apparmor denise libvirt access to a number of important directories.
syslog.4:Dec 12 17:18:08 nuc2 kernel: [54334.001494] type=1400 audit(1418404688.659:48): apparmor="DENIED" operation="open" profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660" name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0 syslog.4:Dec 12 17:18:09 nuc2 kernel: [54334.537222] type=1400 audit(1418404689.195:49): apparmor="DENIED" operation="open" profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660" name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0 syslog.4:Dec 12 17:18:09 nuc2 kernel: [54334.745412] type=1400 audit(1418404689.403:50): apparmor="DENIED" operation="open" profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660" name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0 syslog.4:Dec 12 17:18:09 nuc2 kernel: [54334.808978] type=1400 audit(1418404689.467:51): apparmor="DENIED" operation="open" profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660" name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0 syslog.4:Dec 12 17:18:09 nuc2 kernel: [54334.858862] type=1400 audit(1418404689.515:52): apparmor="DENIED" operation="open" profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660" name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0 syslog.4:Dec 12 17:18:09 nuc2 kernel: [54334.909608] type=1400 audit(1418404689.567:53): apparmor="DENIED" operation="open" profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660" name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0 syslog.4:Dec 12 17:18:09 nuc2 kernel: [54334.976979] type=1400 audit(1418404689.635:54): apparmor="DENIED" operation="open" profile="libvirt-64557998-1e6b-43fb-bf6a-7dc9b9c7a660" name="/var/lib/charm/ceph/ceph.conf" pid=23594 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0 syslog.4:Dec 12 18:25:25 nuc2 kernel: [58368.978163] type=1400 audit(1418408725.790:56): apparmor="DENIED" operation="open" profile="libvirt-c2f29087-8453-4441-a27d-716666fcd7a5" name="/var/lib/charm/ceph/ceph.conf" pid=19293 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0 syslog.4:Dec 12 18:25:25 nuc2 kernel: [58368.979670] type=1400 audit(1418408725.790:57): apparmor="DENIED" operation="open" profile="libvirt-c2f29087-8453-4441-a27d-716666fcd7a5" name="/tmp/" pid=19293 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0 syslog.4:Dec 12 18:25:25 nuc2 kernel: [58368.979680] type=1400 audit(1418408725.790:58): apparmor="DENIED" operation="open" profile="libvirt-c2f29087-8453-4441-a27d-716666fcd7a5" name="/var/tmp/" pid=19293 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=108 ouid=0 In this case the machine was installed using juju and maas. Specific charms in play on this machine are ceph, and nova-compute. I'm not sure if the juju charms need to be updated or if the libvirt template needs to be updated or something else altogether. It's important to not that without ceph apparmor still denies access to /tmp and /var/tmp ProblemType: Bug DistroRelease: Ubuntu 14.04 Package: libvirt-bin 1.2.2-0ubuntu13.1.7 ProcVersionSignature: User Name 3.13.0-35.62-generic 3.13.11.6 Uname: Linux 3.13.0-35-generic x86_64 ApportVersion: 2.14.1-0ubuntu3.6 Architecture: amd64 Date: Wed Dec 17 21:15:20 2014 KernLog: ProcEnviron: TERM=xterm PATH=(custom, no user) XDG_RUNTIME_DIR=<set> LANG=en_US.UTF-8 SHELL=/bin/bash SourcePackage: libvirt UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.default.libvirt.bin: [modified] modified.conffile..etc.libvirt.libvirtd.conf: [modified] modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu.conf'] mtime.conffile..etc.default.libvirt.bin: 2014-12-12T02:21:56.792085 mtime.conffile..etc.libvirt.libvirtd.conf: 2014-12-12T02:21:49.403764 ** Affects: libvirt (Ubuntu) Importance: Undecided Status: Incomplete ** Affects: ceph (Juju Charms Collection) Importance: Undecided Status: New ** Tags: amd64 apport-bug trusty uec-images ** Also affects: ceph (Juju Charms Collection) Importance: Undecided Status: New -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1403648 Title: Apparmor denies qemu access to a number of important directories. To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1403648/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs