Quick Fix: AppArmor+Libvirt Errors in Debian, Round 2
After smooth sailing for a while after the last post on the subject, I ran into another one. Once again, I was getting errors when trying to start guests.
I was getting error messages such as these in syslog:
2023-06-20T14:14:41.858010-07:00 store libvirtd[8623]: internal error: Process exited prior to exec: libvirt: error : Cannot delete directory '/run/libvirt/qemu/4-autoserver.shm': Device or resource busy
2023-06-20T14:14:42.060935-07:00 store libvirtd[8623]: internal error: Failed to autostart VM 'autoserver': internal error: Process exited prior to exec: libvirt: error : Cannot delete directory '/run/libvirt/qemu/4-autoserver.shm': Device or resource busy/var/log/audit/audit.log showed errors such as these:
type=AVC msg=audit(1687295681.852:196): apparmor="DENIED" operation="umount" class="mount" profile="libvirtd" name="/run/libvirt/qemu/4-autoserver.dev/" pid=9441 comm="daemon-init"The fix is to add this to /etc/apparmor.d/abstractions/libvirt:
umount /run/libvirt/qemu/**,Reload apparmor (systemctl reload apparmor) and try starting a guest.
October 7th, 2023 at 03:15
Hello,
Thanks for your post.
On my side (LMDE 6 upgraded from LMDE 5 i.e. Debian 12 upgraded from Debian 11) I begun by turning AppArmor in notifications mode (sudo aa-notify -p –display $DISPLAY) cause the mentioned file in your post was not existing in my system.
Then I triggered the error (i.e. trying to run a VM) and I saw the AppArmor profile I had to modify was actually /etc/apparmor.d/usr.sbin.libvirtd where I added those two lines :
umount /run/libvirt/qemu/**,
umount /dev/,
The second line is because I faced another permission issue with AppArmor regarding /dev/. After reloading AppArmor (sudo systemctl reload apparmor) everything went smooth ;-)
Thanks again.