Just tested it with kernel 2.6.32-20-generic (amd64) and libvirt0 0.7.5-5ubuntu21.
$ sudo virsh -c qemu:///system define /srv/virtual/aria.xml Domain aria defined from /srv/virtual/aria.xml $ sudo virsh -c qemu:///system start aria error: Failed to start domain aria error: internal error unable to start guest: libvir: Security Labeling error : error calling aa_change_profile() [ 1445.385111] type=1503 audit(1271092691.039:30): operation="open" pid=4883 parent=1224 profile="/usr/lib/libvirt/virt-aa-helper" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/srv/virtual/aria-win2k3.img" [ 1445.385453] type=1503 audit(1271092691.039:31): operation="open" pid=4883 parent=1224 profile="/usr/lib/libvirt/virt-aa-helper" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/srv/virtual/win2003-x64.iso" [ 1445.407237] device vnet0 entered promiscuous mode [ 1445.408771] virbr0: topology change detected, propagating [ 1445.408780] virbr0: port 1(vnet0) entering forwarding state [ 1445.453859] virbr0: port 1(vnet0) entering disabled state [ 1445.482558] device vnet0 left promiscuous mode [ 1445.482568] virbr0: port 1(vnet0) entering disabled state [ 1445.608828] type=1505 audit(1271092691.259:32): operation="profile_remove" info="profile does not exist" error=-2 pid=4898 name="libvirt-a4294a0d-a75a-a377-ddcd-7e35d5720815" namespace="root" The mentioned profile doesn't get loaded (libvirt-a4294a0d-a75a-a377-ddcd-7e35d5720815) although it exists: $ ls -1 /etc/apparmor.d/libvirt/libvirt-a4294a0d-a75a-a377-ddcd-7e35d5720815* /etc/apparmor.d/libvirt/libvirt-a4294a0d-a75a-a377-ddcd-7e35d5720815 /etc/apparmor.d/libvirt/libvirt-a4294a0d-a75a-a377-ddcd-7e35d5720815.files ...and has appropriate lines in it: $ grep '/srv/virtual/' /etc/apparmor.d/libvirt/libvirt-a4294a0d-a75a-a377-ddcd-7e35d5720815.files "/srv/virtual/aria-win2k3.img" rw, "/srv/virtual/win2003-x64.iso" r, deny "/srv/virtual/win2003-x64.iso" w, So I just added appropriate lines into "/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper" for my custom storage pool (should I open a bug for that?): $ grep '/srv/virtual' /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper /srv/virtual/ r, /srv/virtual/** r, ...reloaded the apparmor service and now it works. Now I'm waiting for a resolution to Bug #513273 to finally get an SDL VM running out of the virt-manager. Thanx a lot so far! Fix confirmed! :-) -- SDL support broken when using apparmor https://bugs.launchpad.net/bugs/545426 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
