[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: apparmor DENIED on domain shutdown



On 12/3/20 4:42 AM, Francesc Guasch wrote:
Hi. I upgraded one of my servers to Ubuntu 20.04. Since then domains
won't shutdown. They are in the "in shutdown" state.

I googled around and I found it is probably because of apparmor.

I see this message in the logs:

kernel: [740222.848210] audit: type=1400 audit(1606983397.013:338): apparmor="DENIED" operation="signal" profile="libvirt-a2c1456f-3371-49eb-9fa4-f8576ca4e878" pid=2375 comm="libvirtd" requested_mask="receive" denied_mask="receive" signal=term peer="libvirtd"

Are you using lxc? I recently posted a patch allowing lxc domains to receive signals from libvirtd

https://www.redhat.com/archives/libvir-list/2020-December/msg00187.html

If you are using qemu, ensure the libvirt-qemu abstraction contains similar rules. They were introduced in libvirt 5.2.0, so your libvirt-qemu abstraction should already have them.

Regards,
Jim


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]