Reputation: 317
Create Virtual Machine using libvirt error related to AppArmor
I am trying to create a virtual machine using libvirt using the command:
virsh create file
Contents of "file":
<domain type='qemu' id='3'>
<name>testvm</name>
<memory>100</memory>
<vcpu>1</vcpu>
<os>
<type arch='i686'>hvm</type>
</os>
<devices>
<disk type='file' device='disk'>
<source file='/libtmp/VM-linux.0.2.img'/>
<target dev='hdc'/>
</disk>
</devices>
<on_reboot>restart</on_reboot>
<on_poweroff>preserve</on_poweroff>
<on_crash>restart</on_crash>
</domain>
Here is error which occur.
error: Failed to create domain from file
error: internal error cannot load AppArmor profile 'libvirt-9cb01efc-ed3b-ff8e-4de5-7227d311dd15'
I am able to create the vm without loading the image file.
Everytime the profile name keeps on changing. I tried stopping it and creating the vm but I got the same error.
Any pointers will be very helpful.
Upvotes: 9
Views: 25681
Answers (4)
Reputation: 230
In one case, I had the error because multiple parts of libvirt were "masked" in systemd. So I had to find them all (systemctl |grep virt), check whether they were masked (systemctl status ...) and unmask the masked ones (systemctl unmask ...). I also enabled and started them.
Debian 11 bullseye
Upvotes: 0
Reputation: 3249
I had the same problem and the reason was that I had a bad idea to place readonly cdrom image to /etc like this:
<disk type="file" device="cdrom">
<driver name='qemu' type="raw" />
<source file="/etc/libvirt/qemu/cdrom.iso" />
<target dev='hdb' bus='virtio'/>
<readonly/>
</disk>
Moving to /var removed the error message and allowed to start the virtual machine. This line:
<source file="/var/lib/libvirt/images/cdrom.iso" />
Upvotes: 7
Reputation: 317
This is a work around but not the correct way. Set AppArmor to complain mode using following command:
sudo aa-complain /usr/sbin/libvirtd
Upvotes: 2
Reputation: 5310
This is a bug in libvirt. See https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/665531
Edit the xml definition of the virtual domain with "virsh edit domainname" command. Replace type='host_device' with type='raw' in the xml definition.
Upvotes: 4
Related Questions
- Error creating libvirt KVM domain: invalid argument: could not get preferred machine for /usr/libexec/qemu-kvm type=kvm
- libvirt Apparmor permission denied when accessing qemu socket
- qemu-system-arm -redir invalid option
- Using custom qemu binary with libvirt fails?
- How to create vm with libvirt-go package - get boot error
- Python - libvirt
- libvirt qemu-system-arm, error: XML error: No PCI buses available
- Using IVSHMEM with libvirt virt-manager
- I cannot start qemu-kvm on a CentOS 6 server
- apparmor causes issues on libvirt with custom qemu