[Bug 1078498] New: virt-manager does not work on leap 42.3
http://bugzilla.suse.com/show_bug.cgi?id=1078498 Bug ID: 1078498 Summary: virt-manager does not work on leap 42.3 Classification: openSUSE Product: openSUSE Distribution Version: Leap 42.3 Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Virtualization:Tools Assignee: virt-bugs@suse.de Reporter: meissner@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- virt-manager does not seem to start on 42.3 It only outputs: (virt-manager:12190): Gtk-WARNING **: Theme parsing error: gtk.css:68:35: The style property GtkButton:child-displacement-x is deprecated and shouldn't be used anymore. It will be removed in a future version (virt-manager:12190): Gtk-WARNING **: Theme parsing error: gtk.css:69:35: The style property GtkButton:child-displacement-y is deprecated and shouldn't be used anymore. It will be removed in a future version (virt-manager:12190): Gtk-WARNING **: Theme parsing error: gtk.css:73:46: The style property GtkScrolledWindow:scrollbars-within-bevel is deprecated and shouldn't be used anymore. It will be removed in a future version -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1078498
http://bugzilla.suse.com/show_bug.cgi?id=1078498#c1
--- Comment #1 from Marcus Meissner
http://bugzilla.suse.com/show_bug.cgi?id=1078498
http://bugzilla.suse.com/show_bug.cgi?id=1078498#c3
--- Comment #3 from Marcus Meissner
http://bugzilla.suse.com/show_bug.cgi?id=1078498
http://bugzilla.suse.com/show_bug.cgi?id=1078498#c4
James Fehlig
I nmeeded to stop apparmor to get the functionality back.
What are the denials in /var/log/audit/audit.log? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1078498
http://bugzilla.suse.com/show_bug.cgi?id=1078498#c5
Marcus Meissner
http://bugzilla.suse.com/show_bug.cgi?id=1078498
http://bugzilla.suse.com/show_bug.cgi?id=1078498#c6
--- Comment #6 from James Fehlig
type=AVC msg=audit(1517402656.418:16535): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/libvirtd" name="" pid=9072 comm="libvirtd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
This implies the libvirtd apparmor profile needs the 'attach_disconnected' flag, but the 42.3 package should already have that. For more info see https://bugzilla.opensuse.org/show_bug.cgi?id=1045158#c4 I recall someone else hitting a similar issue, which they resolved by nuking the apparmor cache dir contents and restarting apparmor. Perhaps you also need such drastic measure :-). -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1078498
http://bugzilla.suse.com/show_bug.cgi?id=1078498#c7
James Fehlig
type=AVC msg=audit(1517402656.418:16535): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/libvirtd" name="" pid=9072 comm="libvirtd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
This implies the libvirtd apparmor profile needs the 'attach_disconnected' flag, but the 42.3 package should already have that. For more info see https://bugzilla.opensuse.org/show_bug.cgi?id=1045158#c4
I recall someone else hitting a similar issue, which they resolved by nuking the apparmor cache dir contents and restarting apparmor. Perhaps you also need such drastic measure :-).
Marcus, is this the case? Is the cached libvirtd profile not being updated properly? I suppose you could re-parse the profile and skip the cache with apparmor_parser --skip-cache -r /etc/apparmor.d/usr.sbin.libvirtd Do you see the denial after re-parsing the profile? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.suse.com/show_bug.cgi?id=1078498
http://bugzilla.suse.com/show_bug.cgi?id=1078498#c8
Marcus Meissner
http://bugzilla.suse.com/show_bug.cgi?id=1078498
http://bugzilla.suse.com/show_bug.cgi?id=1078498#c9
James Fehlig
participants (1)
-
bugzilla_noreply@novell.com