Mailinglist Archive: opensuse-support (159 mails)

< Previous Next >
Re: [opensuse-support] creating qemu VM with --boot uefi fails due to missing AppArmor profile
On 2018-06-01 12:41, Knurpht @ openSUSE wrote:
Two options:
Wait for cboltz to jump in ( our Apparmor hero )
Try setting it up through virt-manager, then have a look at the config and
see
if there's any difference with what you're trying from cli.

In virt-manager I get effectively the same error when I select the ovmf
firmware in the pre-install configuration:

Unable to complete install: 'internal error: cannot load AppArmor profile
'libvirt-f49ca662-58d3-4c92-8201-9d98458cc365''

But you made me remember the --print-xml option to virt-install, so here is the
diff (omitting uuid, source file and mac address changes) between

% virt-install --connect qemu:///system --boot hd --name ovmf --memory 1024
--disk size=10 --print-xml > boot-hd.xml
% virt-install --connect qemu:///system --boot uefi --name ovmf --memory 1024
--disk size=10 --print-xml > boot-uefi.xml

% diff boot-hd.xml boot-uefi.xml
8a9
<loader readonly="yes"
type="pflash">/usr/share/qemu/ovmf-x86_64-ms-4m-code.bin</loader>

Looking further into this, I found that [1] patches /src/qemu/qemu.conf to new
ovmf locations, but in /src/security/virt-aa-helper.c [2] the old locations are
still in place. Might this be the problem?

Thanks and cheers

[1]
https://build.opensuse.org/package/view_file/Virtualization/libvirt/suse-ovmf-paths.patch?expand=1
[2]
https://gitlab.com/libvirt/libvirt/blob/master/src/security/virt-aa-helper.c#L516
--
To unsubscribe, e-mail: opensuse-support+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-support+owner@xxxxxxxxxxxx

< Previous Next >
List Navigation