You are not logged in.

#1 2019-01-31 02:04:13

i_love_r34
Member
From: Mexico
Registered: 2016-02-14
Posts: 87

Error enabling apparmor security driver for libvirt qemu

Hello to everyone!

Recently trying to enable apparmor security driver in libvirt for qemu, show a very confusing error:

Jan 30 11:54:52 illuminati libvirtd[30270]: unsupported configuration: Security driver apparmor not enabled
Jan 30 11:54:52 illuminati libvirtd[30270]: internal error: Failed to initialize security drivers
Jan 30 11:54:52 illuminati libvirtd[30270]: Initialization of QEMU state driver failed: internal error: Failed to initialize security drivers
Jan 30 11:54:52 illuminati libvirtd[30270]: Driver state initialization failed
Jan 30 11:54:52 illuminati systemd[1]: libvirtd.service: Succeeded.

The libvirt package I used was the one from ABS with just a modification to the pkgbuild in the configure command:

build() {
  cd "${srcdir}/${pkgname}-${pkgver}"

  export PYTHON=$(command -v python)
  export LDFLAGS=-lX11
  export RADVD=/usr/bin/radvd
  [ -f Makefile ] || ZFS=/usr/bin/zfs ZPOOL=/usr/bin/zpool ./configure \
    --prefix=/usr \
    --libexec=/usr/lib/"${pkgname}" \
    --sbindir=/usr/bin \
    --disable-static \
    --with-init-script=systemd \
    --with-qemu \
    --with-qemu-user=nobody \
    --with-qemu-group=kvm \
    --without-hal \
    --with-interface \
    --with-lxc \
    --with-netcf \
    --with-udev \
    --with-storage-disk \
    --with-storage-gluster \
    --with-storage-iscsi \
    --with-storage-lvm \
    --with-storage-zfs \
    --with-apparmor-profiles
  make
}

Although the output of ./configure command show that apparnor was detected and the driver enabled, libvirt still use the none secdriver option
configure output: https://pastebin.com/ZrFF84z1\
virsh output:

  <host>
    <cpu>
      <arch>x86_64</arch>
      <model>Skylake-Client-IBRS</model>
      <vendor>Intel</vendor>
      <microcode version='198'/>
      <topology sockets='1' cores='4' threads='1'/>
      <feature name='ds'/>
      <feature name='acpi'/>
      <feature name='ss'/>
      <feature name='ht'/>
      <feature name='tm'/>
      <feature name='pbe'/>
      <feature name='dtes64'/>
      <feature name='monitor'/>
      <feature name='ds_cpl'/>
      <feature name='vmx'/>
      <feature name='est'/>
      <feature name='tm2'/>
      <feature name='xtpr'/>
      <feature name='pdcm'/>
      <feature name='osxsave'/>
      <feature name='tsc_adjust'/>
      <feature name='clflushopt'/>
      <feature name='intel-pt'/>
      <feature name='stibp'/>
      <feature name='ssbd'/>
      <feature name='xsaves'/>
      <feature name='pdpe1gb'/>
      <feature name='invtsc'/>
      <pages unit='KiB' size='4'/>
      <pages unit='KiB' size='2048'/>
      <pages unit='KiB' size='1048576'/>
    </cpu>
    <power_management>
      <suspend_mem/>
      <suspend_disk/>
      <suspend_hybrid/>
    </power_management>
    <iommu support='yes'/>
    <migration_features>
      <live/>
      <uri_transports>
        <uri_transport>tcp</uri_transport>
        <uri_transport>rdma</uri_transport>
      </uri_transports>
    </migration_features>
    <topology>
      <cells num='1'>
        <cell id='0'>
          <memory unit='KiB'>16356332</memory>
          <pages unit='KiB' size='4'>3807483</pages>
          <pages unit='KiB' size='2048'>550</pages>
          <pages unit='KiB' size='1048576'>0</pages>
          <distances>
            <sibling id='0' value='10'/>
          </distances>
          <cpus num='4'>
            <cpu id='0' socket_id='0' core_id='0' siblings='0'/>
            <cpu id='1' socket_id='0' core_id='1' siblings='1'/>
            <cpu id='2' socket_id='0' core_id='2' siblings='2'/>
            <cpu id='3' socket_id='0' core_id='3' siblings='3'/>
          </cpus>
        </cell>
      </cells>
    </topology>
    <cache>
      <bank id='0' level='3' type='both' size='6' unit='MiB' cpus='0-3'/>
    </cache>
    <secmodel>
      <model>none</model>
      <doi>0</doi>
    </secmodel>
  </host>

Maybe I'm doing something wrong?

Regards.

Offline

#2 2022-11-12 16:32:45

zggzcgy
Member
From: CN
Registered: 2022-08-27
Posts: 9

Re: Error enabling apparmor security driver for libvirt qemu

Hey bro, I'm having a similar problem, can you please solve it?

Offline

Board footer

Powered by FluxBB