I also encountered this issue just now. It is caused by an update of the
apparmor profile:
--- /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper 2010-04-14
14:19:00.000000000 +0200
+++ /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper.dpkg-dist 2010-04-15
08:17:39.000000000 +0200
@@ -3,6 +3,7 @@
/usr/lib/libvirt/virt-aa-helper {
#include <abstractions/base>
+ #include <abstractions/user-tmp>
# needed for searching directories
capability dac_override,
@@ -14,9 +15,30 @@
deny @{PROC}/[0-9]*/mounts r,
@{PROC}/filesystems r,
+ # for hostdev
+ /sys/devices/ r,
+ /sys/devices/** r,
+
/usr/lib/libvirt/virt-aa-helper mr,
/sbin/apparmor_parser Ux,
/etc/apparmor.d/libvirt/* r,
/etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*
rw,
+
+ # For backingstore, virt-aa-helper needs to peek inside the disk image, so
+ # allow access to non-hidden files in @{HOME} as well as storage pools, and
+ # removable media and filesystems. A virt-aa-helper failure when checking a
+ # disk for backinsgstore is non-fatal (but obviously the backingstore won't
+ # be added).
+ audit deny @{HOME}/.* mrwkl,
+ audit deny @{HOME}/.*/ rw,
+ audit deny @{HOME}/.*/** mrwkl,
+ audit deny @{HOME}/bin/ rw,
+ audit deny @{HOME}/bin/** mrwkl,
+ @{HOME}/ r,
+ @{HOME}/** r,
+ /var/lib/libvirt/images/ r,
+ /var/lib/libvirt/images/** r,
+ /{media,mnt,opt,srv}/** r,
+ deny /dev/** mrwkl,
}
I reverted to the old one and virt-manager was able to start virtual
machines again.
--
[Lucid] Error starting domain: could not remove profile
https://bugs.launchpad.net/bugs/517714
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
