On 12/3/20 4:42 AM, Francesc Guasch wrote:
> Hi. I upgraded one of my servers to Ubuntu 20.04. Since then domains
> won't shut down. They are in the "in shutdown" state.
>
> I googled around and I found it is probably because of apparmor.
>
> I see this message in the logs:
>
> kernel: [740222.848210] audit: type=1400 audit(1606983397.013:338):
> apparmor="DENIED" operation="signal"
> profile="libvirt-a2c1456f-3371-49eb-9fa4-f8576ca4e878" pid=2375 comm="libvirtd"
> requested_mask="receive" denied_mask="receive" signal=term peer="libvirtd"

Are you using lxc? I recently posted a patch allowing lxc domains to receive signals from libvirtd

https://www.redhat.com/archives/libvir-list/2020-December/msg00187.html

If you are using qemu, ensure the libvirt-qemu abstraction contains similar rules. They were introduced in libvirt 5.2.0, so your libvirt-qemu abstraction should already have them.

Regards,
Jim

On 03/12/2020 19:20, Jim Fehlig wrote:
> On 12/3/20 4:42 AM, Francesc Guasch wrote:
>> Hi. I upgraded one of my servers to Ubuntu 20.04. Since then domains
>> won't shut down. They are in the "in shutdown" state.
>>
>> I see this message in the logs:
>>
>> kernel: [740222.848210] audit: type=1400 audit(1606983397.013:338):
>> apparmor="DENIED" operation="signal"
>> profile="libvirt-a2c1456f-3371-49eb-9fa4-f8576ca4e878" pid=2375
>> comm="libvirtd" requested_mask="receive" denied_mask="receive"
>> signal=term peer="libvirtd"
>
> Are you using lxc? I recently posted a patch allowing lxc domains to
> receive signals from libvirtd
>
> https://www.redhat.com/archives/libvir-list/2020-December/msg00187.html
>

Jim!

I am not using LXC, but KVM. That worked like a charm. For the record, that is exactly what I changed: I added the lines below to the file /etc/apparmor.d/usr.sbin.libvirtd:

    # For communication/control from libvirtd
    signal (receive) peer=libvirtd,
    signal (receive) peer=/usr/sbin/libvirtd,

Thank you very much.
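
As an added example (not part of the thread and not libvirt's own code): a small Python parser that reads AppArmor audit records like the one quoted above, keeps only denied signal operations, and derives the matching `signal` rule per confined profile for review. The function names, the `restrict_signal` option and the second and third sample lines are constructed for illustration.

```python
import re

# key=value or key="value" pairs as they appear in AppArmor audit records
PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_audit(line):
    """Return the key/value fields of one audit record as a dict."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(2)
            for m in PAIR.finditer(line)}

def signal_denials(lines):
    """Yield (profile, mask, signal, peer) for each denied signal operation."""
    for line in lines:
        f = parse_audit(line)
        if f.get("apparmor") != "DENIED" or f.get("operation") != "signal":
            continue  # file, network and ALLOWED/AUDIT records are ignored
        yield f["profile"], f["denied_mask"], f.get("signal"), f["peer"]

def candidate_rules(lines, restrict_signal=False):
    """Map each confined profile to the de-duplicated rules covering its denials.

    With restrict_signal=True the rule is narrowed to the signal that was
    actually denied, using AppArmor's set=(...) qualifier.
    """
    rules = {}
    for profile, mask, sig, peer in signal_denials(lines):
        access = ", ".join(mask.split())
        sigset = f" set=({sig})" if restrict_signal and sig else ""
        rules.setdefault(profile, set()).add(
            f"signal ({access}){sigset} peer={peer},")
    return {p: sorted(r) for p, r in rules.items()}

PROFILE = "libvirt-a2c1456f-3371-49eb-9fa4-f8576ca4e878"
SAMPLE = [
    # Record quoted in the thread, joined onto one line
    'kernel: [740222.848210] audit: type=1400 audit(1606983397.013:338): '
    f'apparmor="DENIED" operation="signal" profile="{PROFILE}" pid=2375 '
    'comm="libvirtd" requested_mask="receive" denied_mask="receive" '
    'signal=term peer="libvirtd"',
    # Constructed: the same denial repeated later (shows de-duplication)
    'kernel: [740230.000000] audit: type=1400 audit(1606983404.000:339): '
    f'apparmor="DENIED" operation="signal" profile="{PROFILE}" pid=2375 '
    'comm="libvirtd" requested_mask="receive" denied_mask="receive" '
    'signal=term peer="libvirtd"',
    # Constructed: a file denial, which must not produce a signal rule
    'kernel: [740231.000000] audit: type=1400 audit(1606983405.000:340): '
    f'apparmor="DENIED" operation="open" profile="{PROFILE}" '
    'name="/example/path" pid=2375 comm="qemu" requested_mask="r" denied_mask="r"',
]

if __name__ == "__main__":
    for profile, rules in candidate_rules(SAMPLE).items():
        print(profile, *rules, sep="\n  ")
```
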