Create Virtual Machine using libvirt error related to AppArmor
E

4

9

I am trying to create a virtual machine using libvirt using the command:

virsh create file

Contents of "file":

<domain type='qemu' id='3'>
        <name>testvm</name>
        <memory>100</memory>
        <vcpu>1</vcpu>
        <os>
                <type arch='i686'>hvm</type>
        </os>
        <devices>
                <disk type='file' device='disk'>
                        <source file='/libtmp/VM-linux.0.2.img'/>
                        <target dev='hdc'/>
                </disk>
        </devices>
        <on_reboot>restart</on_reboot>
        <on_poweroff>preserve</on_poweroff>
        <on_crash>restart</on_crash>
</domain>

Here is the error which occurs:

error: Failed to create domain from file
error: internal error cannot load AppArmor profile 'libvirt-9cb01efc-ed3b-ff8e-4de5-7227d311dd15'

I am able to create the vm without loading the image file.

Every time, the profile name keeps on changing. I tried stopping it and creating the vm but I got the same error.

Any pointers will be very helpful.

Elinaelinor answered 22/8, 2012 at 8:39 Comment(0)
F
4

This is a bug in libvirt. See https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/665531

Edit the xml definition of the virtual domain with "virsh edit domainname" command. Replace type='host_device' with type='raw' in the xml definition.

Fontana answered 28/8, 2012 at 5:0 Comment(0)
G
7

I had the same problem, and the reason was that I had the bad idea of placing a read-only cdrom image in /etc like this:

<disk type="file" device="cdrom">
  <driver name='qemu' type="raw" />
  <source file="/etc/libvirt/qemu/cdrom.iso" />
  <target dev='hdb' bus='virtio'/>
  <readonly/>
</disk>

Moving it to /var removed the error message and allowed the virtual machine to start. This line:

<source file="/var/lib/libvirt/images/cdrom.iso" />
Gerrigerrie answered 19/4, 2016 at 11:54 Comment(0)
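
A pre-flight check based on the answer above, as an added example that is not part of the original post: it lists each disk source in a domain XML and flags paths outside the directory the answer reports working. It does not read or evaluate any AppArmor profile; `EXPECTED_IMAGE_DIRS`, the function names and the sample XML are assumptions made for illustration.

```python
import posixpath
import xml.etree.ElementTree as ET

# Assumption: the only directory treated as expected is the one the answer
# reports working. Extend this tuple to match your own host's policy.
EXPECTED_IMAGE_DIRS = ("/var/lib/libvirt/images",)


def disk_sources(domain_xml):
    """Yield (device, path) for each <disk> that has a file or block source."""
    root = ET.fromstring(domain_xml)
    for disk in root.iter("disk"):
        src = disk.find("source")
        if src is None:
            continue  # e.g. an empty cdrom drive
        path = src.get("file") or src.get("dev")
        if path:
            yield disk.get("device", "disk"), path


def is_expected(path, allowed=EXPECTED_IMAGE_DIRS):
    """True if the normalized path sits under one of the allowed directories."""
    norm = posixpath.normpath(path)  # collapse '..' before comparing prefixes
    return any(norm == d or norm.startswith(d.rstrip("/") + "/") for d in allowed)


def audit(domain_xml, allowed=EXPECTED_IMAGE_DIRS):
    """Return the (device, path) pairs whose source is outside the allowed dirs."""
    return [(dev, p) for dev, p in disk_sources(domain_xml) if not is_expected(p, allowed)]


# Constructed sample that combines the disk elements quoted on this page.
SAMPLE = """
<domain type='qemu'>
  <name>testvm</name>
  <devices>
    <disk type='file' device='disk'><source file='/libtmp/VM-linux.0.2.img'/><target dev='hdc'/></disk>
    <disk type='file' device='cdrom'><source file='/etc/libvirt/qemu/cdrom.iso'/><target dev='hdb'/><readonly/></disk>
    <disk type='file' device='cdrom'><source file='/var/lib/libvirt/images/cdrom.iso'/><target dev='hdd'/><readonly/></disk>
  </devices>
</domain>
"""

if __name__ == "__main__":
    for device, path in audit(SAMPLE):
        print(f"{device}: {path} is outside {EXPECTED_IMAGE_DIRS}")
```

Feeding it the output of `virsh dumpxml` for a defined domain gives the same report for a real guest.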
E
2

This is a workaround but not the correct way. Set AppArmor to complain mode using the following command:

sudo aa-complain /usr/sbin/libvirtd
Elinaelinor answered 25/8, 2012 at 11:58 Comment(3)
Be sure to set it back with aa-enforce when you're done. - Dollhouse
I completely removed apparmor to solve multiple problems with other services but this also killed my kvm server. I don't know what I actually uninstalled with apt remove --purge apparmor* and I also don't have that command. Any ideas? - Cleavers
There is no need to remove apparmor, just replace security_driver = "apparmor" by security_driver = "none" in /etc/libvirt/qemu.conf. - Idioglossia
H
0

In one case, I had the error because multiple parts of libvirt were "masked" in systemd. So I had to find them all (systemctl |grep virt), check whether they were masked (systemctl status ...) and unmask the masked ones (systemctl unmask ...). I also enabled and started them.

Debian 11 bullseye

Hyposthenia answered 17/1 at 13:18 Comment(0)