No, after I configured libvirt to not use a security driver explicitly it worked fine. The apparmor "DENIED" dmesg logs also disappeared.<div><br></div><div>Shank<br><br><div class="gmail_quote">On Mon, Apr 30, 2012 at 4:47 AM, Tino Vazquez <span dir="ltr"><<a href="mailto:tinova@opennebula.org" target="_blank">tinova@opennebula.org</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Hi,<br>
<br>
Is this issue still showing after disabling apparmor?<br>
<br>
Regards,<br>
<br>
-Tino<br>
<br>
--<br>
Constantino Vázquez Blanco, MSc<br>
Project Engineer<br>
OpenNebula - The Open-Source Solution for Data Center Virtualization<br>
<a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | @tinova79 | @OpenNebula<br>
<div><div class="h5"><br>
<br>
On Sun, Apr 29, 2012 at 1:05 AM, Shankhadeep Shome <<a href="mailto:shank15217@gmail.com">shank15217@gmail.com</a>> wrote:<br>
> Hi I noticed that following in qemu.conf had to set to<br>
> support simultaneous mass migrations from one host to another with KVM on<br>
> ubuntu 12.04, not sure why can anybody clarify whats really going on?<br>
><br>
> security_driver = "none"<br>
><br>
> I get the following in the dmesg logs when vms are starting up and when I<br>
> chose multiple vms to live migrate all of them fail to migrate to the<br>
> destination node, however if I migrate one vm at a time with a 2-4 sec gap<br>
> the migration is successful sequentially, any ideas?<br>
><br>
> The dmesg logs are full of apparmor denies, however vms work fine if started<br>
> up and migrated one at a time. It seems to an issue with creating the nic<br>
> interface to the vm from the host. This error is easy to recreate and I can<br>
> post additional info if anybody needs as this isn't a production<br>
> configuration.<br>
><br>
> [584213.761452] virbr1: topology change detected, propagating<br>
> [584213.761467] virbr1: port 2(vnet0) entering forwarding state<br>
> [584213.761494] virbr1: port 2(vnet0) entering forwarding state<br>
> [584213.995055] type=1400 audit(1335631280.945:78): apparmor="DENIED"<br>
> operation="open" parent=1<br>
> profile="libvirt-987e7f7c-cb53-7093-4b4e-e87892109432"<br>
> name="/proc/19538/auxv" pid=19538 comm="kvm" requested_mask="r"<br>
> denied_mask="r" fsuid=1001 ouid=1001<br>
> [584223.872064] vnet0: no IPv6 routers present<br>
> [584224.038415] kvm: 19538: cpu0 unhandled rdmsr: 0xc0010001<br>
> [584485.067707] type=1400 audit(1335631552.015:79): apparmor="DENIED"<br>
> operation="open" parent=65334 profile="/usr/lib/libvirt/virt-aa-helper"<br>
> name="/var/lib/one/datastores/101/b79b6b3f36d4ba5f42f42af394b1a450"<br>
> pid=20285 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0<br>
> ouid=1001<br>
> [584485.613221] type=1400 audit(1335631552.563:80): apparmor="STATUS"<br>
> operation="profile_replace"<br>
> name="libvirt-987e7f7c-cb53-7093-4b4e-e87892109432" pid=20286<br>
> comm="apparmor_parser"<br>
> [584489.907793] virbr1: port 2(vnet0) entering forwarding state<br>
> [584489.910679] device vnet0 left promiscuous mode<br>
> [584489.910693] virbr1: port 2(vnet0) entering disabled state<br>
> [584491.054608] type=1400 audit(1335631558.003:81): apparmor="STATUS"<br>
> operation="profile_remove"<br>
> name="libvirt-987e7f7c-cb53-7093-4b4e-e87892109432" pid=20300<br>
> comm="apparmor_parser"<br>
> [603789.617042] type=1400 audit(1335650856.569:82): apparmor="DENIED"<br>
> operation="open" parent=65334 profile="/usr/lib/libvirt/virt-aa-helper"<br>
> name="/var/lib/one/datastores/101/b79b6b3f36d4ba5f42f42af394b1a450"<br>
> pid=56380 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0<br>
> ouid=1001<br>
> [603790.163553] type=1400 audit(1335650857.113:83): apparmor="STATUS"<br>
> operation="profile_load" name="libvirt-5deab1dd-a5eb-8780-5468-e0456feda51e"<br>
> pid=56381 comm="apparmor_parser"<br>
> [603790.488174] device vnet0 entered promiscuous mode<br>
> [603790.569330] virbr1: topology change detected, propagating<br>
> [603790.569344] virbr1: port 2(vnet0) entering forwarding state<br>
> [603790.569370] virbr1: port 2(vnet0) entering forwarding state<br>
> [603790.806858] type=1400 audit(1335650857.757:84): apparmor="DENIED"<br>
> operation="open" parent=1<br>
> profile="libvirt-5deab1dd-a5eb-8780-5468-e0456feda51e"<br>
> name="/proc/56410/auxv" pid=56410 comm="kvm" requested_mask="r"<br>
> denied_mask="r" fsuid=1001 ouid=1001<br>
> requested_mask="r" denied_mask="r" fsuid=0 ouid=1001<br>
><br>
> This issue leads me to another question.. would it be prudent to to<br>
> configure mass live migrations as a serialized operation?<br>
><br>
</div></div>> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a><br>
> <a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
><br>
</blockquote></div><br></div>