[one-users] Apparmor Profile

Mohamed Mohamed mohamed.mohamed at telecom-sudparis.eu
Thu Jun 28 00:13:09 PDT 2012 

The output is: 
$apparmor_status 


apparmor module is loaded. 
19 profiles are loaded. 
19 profiles are in enforce mode. 
/sbin/dhclient 
/usr/bin/evince 
/usr/bin/evince-previewer 
/usr/bin/evince-previewer//launchpad_integration 
/usr/bin/evince-previewer//sanitized_helper 
/usr/bin/evince-thumbnailer 
/usr/bin/evince-thumbnailer//sanitized_helper 
/usr/bin/evince//launchpad_integration 
/usr/bin/evince//sanitized_helper 
/usr/lib/NetworkManager/nm-dhcp-client.action 
/usr/lib/connman/scripts/dhclient-script 
/usr/lib/cups/backend/cups-pdf 
/usr/lib/libvirt/virt-aa-helper 
/usr/lib/lightdm/lightdm/lightdm-guest-session-wrapper 
/usr/lib/telepathy/mission-control-5 
/usr/lib/telepathy/telepathy-* 
/usr/sbin/cupsd 
/usr/sbin/libvirtd 
/usr/sbin/tcpdump 
0 profiles are in complain mode. 
6 processes have profiles defined. 
0 processes are in enforce mode. 
0 processes are in complain mode. 
6 processes are unconfined but have a profile defined. 
/sbin/dhclient (1098) 
/sbin/dhclient (4390) 
/sbin/dhclient (4517) 
/usr/lib/telepathy/mission-control-5 (2227) 
/usr/sbin/cupsd (885) 
/usr/sbin/libvirtd (9276) 



after 

$/etc/init.d/apparmor teardown 

the output is 


apparmor module is loaded. 
0 profiles are loaded. 
0 profiles are in enforce mode. 
0 profiles are in complain mode. 
0 processes have profiles defined. 
0 processes are in enforce mode. 
0 processes are in complain mode. 
0 processes are unconfined but have a profile defined. 




in the host machine /var/log/libvirt/libvirtd.log shows the following error (after apparmor teardown): 


2012-06-27 09:58:00.982+0000: 1134: error : virCommandWait:2192 : internal error Child process (/usr/lib/libvirt/virt-aa-helper -p 0 -c -u libvirt-bda4a47d-e2c4-8e2f-a48c-37c61f98f60a) status unexpected: exit status 1 
2012-06-27 09:58:00.982+0000: 1134: error : AppArmorGenSecurityLabel:443 : internal error cannot load AppArmor profile 'libvirt-bda4a47d-e2c4-8e2f-a48c-37c61f98f60a 



----- Mail original -----

De: "Jan Benadik" <jan.benadik at atos.net> 
À: "Mohamed Mohamed" <mohamed.mohamed at telecom-sudparis.eu> 
Cc: users at lists.opennebula.org 
Envoyé: Mercredi 27 Juin 2012 17:32:01 
Objet: Re: [one-users] Apparmor Profile 

What is output of apparmor_status? 
What is changed if unload apparmor? 
(/etc/init.d/apparmor teardown) 

Jan 



Dňa 27.06.2012 16:47, Mohamed Mohamed wrote / napísal(a): 



thank you for your answer, 
i did append this line and restart apparmor 
but the problem persists. 
Mohamed 

----- Mail original -----

De: "Jan Benadik" <jan.benadik at atos.net> 
À: users at lists.opennebula.org 
Envoyé: Mercredi 27 Juin 2012 15:55:27 
Objet: Re: [one-users] Apparmor Profile 

Hi, 

did you append the line 

/var/lib/one/** lrwk, 

at the end of /etc/apparmor.d/usr.sbin.libvirtd file and restart apparmor service? 

J.B. 


Dňa 27.06.2012 14:25, Mohamed Mohamed wrote / napísal(a): 

<blockquote>

Hi all, 
I installed opennebula 3.6 on ubuntu 12.4TLS, 
i added 2 new hosts, i was following the documentation in opennebula.org. 
when i try to submit a new VM the following error occures: 



Wed Jun 27 14:23:22 2012 [VMM][I]: Successfully execute network driver operation: pre.
Wed Jun 27 14:23:22 2012 [VMM][I]: Command execution fail: cat << EOT | /var/tmp/one/vmm/kvm/deploy /var/lib/one//datastores/0/3/deployment.0 node1 3 node1
Wed Jun 27 14:23:22 2012 [VMM][I]: error: Failed to create domain from /var/lib/one//datastores/0/3/deployment.0
Wed Jun 27 14:23:22 2012 [VMM][I]: error: internal error cannot load AppArmor profile 'libvirt-11995295-92ea-b181-c44c-4fc74b7afe4a' Wed Jun 27 14:23:22 2012 [VMM][E]: Could not create domain from /var/lib/one//datastores/0/3/deployment.0 Wed Jun 27 14:23:22 2012 [VMM][I]: ExitCode: 255
Wed Jun 27 14:23:22 2012 [VMM][I]: Failed to execute virtualization driver operation: deploy. Wed Jun 27 14:23:22 2012 [VMM][E]: Error deploying virtual machine: Could not create domain from /var/lib/one//datastores/0/3/deployment.0 Wed Jun 27 14:23:23 2012 [DiM][I]: New VM state is FAILED 



does any one have a suggestion? 
best regards, 
Mohamed. 


_______________________________________________
Users mailing list Users at lists.opennebula.org http://lists.opennebula.org/listinfo.cgi/users-opennebula.org 



-- 

Ján Beňadik 
Managed Services - Solution Design Architect 
+421 46 5151 332 
+421 903 691 634 
jan.benadik at atos.net 
Vinohradnícka 6, 971 01 Prievidza 
www.sk.atos.net 
__________________________________ 





_______________________________________________ 
Users mailing list 
Users at lists.opennebula.org 
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org 


</blockquote>


-- 

Ján Beňadik 
Managed Services - Solution Design Architect 
+421 46 5151 332 
+421 903 691 634 
jan.benadik at atos.net 
Vinohradnícka 6, 971 01 Prievidza 
www.sk.atos.net 
__________________________________ 





_______________________________________________ 
Users mailing list 
Users at lists.opennebula.org 
http://lists.opennebula.org/listinfo.cgi/users-opennebula.org 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120628/f356b04f/attachment-0002.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 281 bytes
Desc: not available
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120628/f356b04f/attachment-0008.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/gif
Size: 1723 bytes
Desc: not available
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120628/f356b04f/attachment-0009.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: ciara.gif
Type: image/gif
Size: 281 bytes
Desc: not available
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120628/f356b04f/attachment-0010.gif>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: atos.gif
Type: image/gif
Size: 1723 bytes
Desc: not available
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120628/f356b04f/attachment-0011.gif>

More information about the Users mailing list