[Bug 908007] New: virt-manager: Unable to migrate guest: unsupported configuration: Unable to find security driver for label apparmor
http://bugzilla.opensuse.org/show_bug.cgi?id=908007 Bug ID: 908007 Summary: virt-manager: Unable to migrate guest: unsupported configuration: Unable to find security driver for label apparmor Classification: openSUSE Product: openSUSE Factory Version: 201412* Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Basesystem Assignee: carnold@suse.com Reporter: mpluskal@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- Created attachment 615639 --> http://bugzilla.opensuse.org/attachment.cgi?id=615639&action=edit virt-manager --debug When trying to migrate vm via virt-manager between machines with opensuse-factorty, following error is raised: Unable to migrate guest: unsupported configuration: Unable to find security driver for label apparmor Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/asyncjob.py", line 89, in cb_wrapper callback(asyncjob, *args, **kwargs) File "/usr/share/virt-manager/virtManager/migrate.py", line 547, in _async_migrate vm.migrate(dstconn, migrate_uri, rate, live, secure, unsafe, meter=meter) File "/usr/share/virt-manager/virtManager/domain.py", line 1446, in migrate self._backend.migrate(destconn, flags, newname, interface, rate) File "/usr/lib64/python2.7/site-packages/libvirt.py", line 1458, in migrate if ret is None:raise libvirtError('virDomainMigrate() failed', dom=self) libvirtError: unsupported configuration: Unable to find security driver for label apparmor -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=908007 Martin Pluskal <mpluskal@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Blocks| |908008 -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=908007 Charles Arnold <carnold@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jfehlig@suse.com --- Comment #1 from Charles Arnold <carnold@suse.com> --- Jim, Is this issue addressed with recent libvirt fixes for migration? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=908007 James Fehlig <jfehlig@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |carnold@suse.com Assignee|carnold@suse.com |cbosdonnat@suse.com --- Comment #2 from James Fehlig <jfehlig@suse.com> --- (In reply to Charles Arnold from comment #1)
Jim, Is this issue addressed with recent libvirt fixes for migration?
No, but might be related to recent changes in the security driver configuration. Cedric, can you take a look? -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=908007 Cédric Bosdonnat <cbosdonnat@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |mpluskal@suse.com Flags| |needinfo?(mpluskal@suse.com | |) --- Comment #3 from Cédric Bosdonnat <cbosdonnat@suse.com> --- (In reply to James Fehlig from comment #2)
(In reply to Charles Arnold from comment #1)
Jim, Is this issue addressed with recent libvirt fixes for migration?
No, but might be related to recent changes in the security driver configuration. Cedric, can you take a look?
That really looks like the default changes for qemu security driver could fix that. Do you have the following change in your libvirt installations?
Tue Nov 18 17:21:55 UTC 2014 - cbosdonnat@suse.com
- Remove security_driver = "none" in qemu config. This completely disabled all security drivers instead of probing them. - Changed default value of QEMU's security_default_confined to 0 to keep QEMU domains unconfined by default.
In any case, it would be good to check /etc/libvirt/qemu.conf file to: * not have the line security_driver = "none" * have security_default_confined = 0 or 0 set as a default value for it. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=908007 Martin Pluskal <mpluskal@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Flags|needinfo?(mpluskal@suse.com | |) | --- Comment #4 from Martin Pluskal <mpluskal@suse.com> --- (In reply to Cédric Bosdonnat from comment #3)
(In reply to James Fehlig from comment #2)
(In reply to Charles Arnold from comment #1)
Jim, Is this issue addressed with recent libvirt fixes for migration?
No, but might be related to recent changes in the security driver configuration. Cedric, can you take a look?
That really looks like the default changes for qemu security driver could fix that. Do you have the following change in your libvirt installations?
Tue Nov 18 17:21:55 UTC 2014 - cbosdonnat@suse.com
- Remove security_driver = "none" in qemu config. This completely disabled all security drivers instead of probing them. - Changed default value of QEMU's security_default_confined to 0 to keep QEMU domains unconfined by default. Well I can not reproduce issue with packages from Virtualization project on obs, so I guess that Factory was just too old.
In any case, it would be good to check /etc/libvirt/qemu.conf file to: * not have the line security_driver = "none" * have security_default_confined = 0 or 0 set as a default value for it. Nope
We can probably close this issue. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=908007 James Fehlig <jfehlig@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #5 from James Fehlig <jfehlig@suse.com> --- Thanks Martin. I'm going to close this now so I can also close #908008, which depends on it. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com