apparmor DENIED on domain shutdown
Jim Fehlig
jfehlig at suse.com
Thu Dec 3 18:20:15 UTC 2020
On 12/3/20 4:42 AM, Francesc Guasch wrote:
> Hi. I upgraded one of my servers to Ubuntu 20.04. Since then domains
> won't shutdown. They are in the "in shutdown" state.
>
> I googled around and I found it is probably because of apparmor.
>
> I see this message in the logs:
>
> kernel: [740222.848210] audit: type=1400 audit(1606983397.013:338):
> apparmor="DENIED" operation="signal"
> profile="libvirt-a2c1456f-3371-49eb-9fa4-f8576ca4e878" pid=2375 comm="libvirtd"
> requested_mask="receive" denied_mask="receive" signal=term peer="libvirtd"
Are you using lxc? I recently posted a patch allowing lxc domains to receive
signals from libvirtd
https://www.redhat.com/archives/libvir-list/2020-December/msg00187.html
If you are using qemu, ensure the libvirt-qemu abstraction contains similar
rules. They were introduced in libvirt 5.2.0, so your libvirt-qemu abstraction
should already have them.
Regards,
Jim
More information about the libvirt-users
mailing list