search for: apparmour

...> "/dev/net/tun", > ] You did restart libvirtd after making those setting changes, right ? The user, group & clear_emulator_capabilities settings are the 3 that matter here & you have them correctly set. > I am running Ubuntu 12, which does not use SELinux. It has apparmour though, which possibly denies access to /dev/net/tun Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|...

I found another reason for this error: dns_tkey_negotiategss: TKEY is unacceptable After much head scratching it was due to the Apparmour configuration recommended in the WiKi at: https://wiki.samba.org/index.php/BIND9_DLZ_AppArmor_and_SELinux_Integration The section for Apparmor which recommends adding lines to /etc/apparmor.d/local/usr.sbin.named, I had to change the line: from: /usr/local/samba/private/dns.keytab r, to: /usr/...

Hi Davide, > Hi Thomas, > I'm using this script which leverages external snapshots and blockpull: https://github.com/dguerri/LibVirtKvm-scripts [1] > > It's very simple and on ubuntu requires some tweaks on apparmour configuration. Would it be hard to adapt this script for LVM-backed VMs? []s, Fernando Lozano Links: ------ [1] https://github.com/dguerri/LibVirtKvm-scripts

I'm attempting to build/use libvirt-sandbox on Ubuntu 12.xx. Although I'm still working through dependency issues (including the need for libvirt >= 1.0.2 which is not packaged for ubuntu 12.xx) to build the sandbox code, I have a forward looking question. It appears libvirt-bin for Ubuntu likes apparmor as does most Ubuntu based packages using a LSM impl. However, as I understand

...s a permission denied error which leads me to > believe it may be an selinux (or similar) issue. I wouldn't be > surprised if sendmail works from the command line but fails when > executed from sieve because selinux has it blocked for sieve. > > If you're running selinux or apparmour or similar, check your logs for > that (audit log for selinux) and look for denials. You cna also try > setting selinux to permissive and trying the operation (setenforce 0). > > > Peter > I am wondering what that sendmail process is doing. > > As you can see, Dovecot w...

Hello. Is someone performing incremental backups via libvirt for qemu/kvm machines? I'm still having a hard time to find a nice procedure. I mean is it possible to make a full backup of an image on monday a do the next days of the week incremental backups? Another way could be mount the image and rsync its contents. Does that makes sense? Also i read in qemu changelog: --- Support for a

@requillart Don't get me wrong. It's no problem to use other partitions. Only, you have to add the location to the storage pool of libvirt... Sorry, no experience with gnome-boxes. @crequill Add a new storage pool with the destination /home/crequill/VM You can't fool apparmour with a link... Also with adding the storage pool, it's easier to get a clear picture of the usage of your storage resources in virt-manager -----Oorspronkelijk bericht----- Van: requillart@gmail.com [mailto:requillart@gmail.com] Namens crequill Verzonden: dinsdag 15 september 2015 19:24 Aan...

Hi all, I compiled a custom version of QEMU 2.0.0 and I am having hard times to make it available to libvirt. Just to clarify, if I execute /usr/local/bin/qemu-system-x86_64 it does performs good. But when I put this very same path to <emulator> tag in a domain configutation, when i start the domain I get error: Failed to start domain vm1 error: internal error: process exited while

I have successfully (I believe) built (rebuilt on Ubuntu 14.04), installed, and used libvirt 1.2.2. Behaviorally I can't tell the difference between what I've built and what Ubuntu distributes. Specifically, "virsh capabilities" shows this: <secmodel> <model>apparmor</model> <doi>0</doi> </secmodel>

Hello all. We start to use Dovecot at our email production but it runs not such fast as we expect. We use Dell 2950 with 4GbRAM at FreeBSD-7.0-p9 - load avarage never upper a 0.5 We have about 500 clients most of it use Outlook 2007 via IMAP. We run in this problems: 1) Sync of imap folder is really slow(I think it is Outlook problem) 2) Time after time we got Sync error from outlook 3) Time

...stdevSubsysUSB:1390 : Unable to create device > > //var/run/libvirt/lxc/oshi32134.dev/bus/usb//002//003: Operation not > > permitted > > Unable to create device > > //var/run/libvirt/lxc/oshi32134.dev/bus/usb//002//003: Operation not > > permitted > > Do you have AppArmour enabled on the machine. That seems like the > most likely thing that would result in libvirt getting that permission > error. > > Regards, > Daniel > -- > |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/:| > |: http://libvirt.org -o-...

...round postdrop). It's a permission denied error which leads me to believe it may be an selinux (or similar) issue. I wouldn't be surprised if sendmail works from the command line but fails when executed from sieve because selinux has it blocked for sieve. If you're running selinux or apparmour or similar, check your logs for that (audit log for selinux) and look for denials. You cna also try setting selinux to permissive and trying the operation (setenforce 0). Peter

hi all, i am new to the libvirt. Via libvirt i am converting my xen.com.sfg. In xen i added xsm label as, seclabel:system_u:domU_t. but after creating vm using xen or by convertdom-to-xml also does not contain any label or text with xen-4.2.1. in the documentation also you mentioned selinux label (sVirt) only. Can u clear me the following things: 1. How to use XSM label in libvirt.? 2. What

Hi Thomas, I'm using this script which leverages external snapshots and blockpull: https://github.com/dguerri/LibVirtKvm-scripts It's very simple and on ubuntu requires some tweaks on apparmour configuration. Hth Cheers, Davide -- Davide Guerri http://about.me/davide_guerri > On 20 Sep 2013, at 15:31, Thomas Stein <himbeere@meine-oma.de> wrote: > > Hello. > > Is someone performing incremental backups via libvirt for qemu/kvm machines? I'm still having a h...

...g qemu 1.7 I could use my > custom build, but apparently something changed with 2.0 (or with libvirt > integration). >From libvirt's POV the only things that should matter are - Permission for 'qemu:qemu' user/group to execute the binary (and access parent directories) - AppArmour profile support, or SELinux label (as appropriate for disto) Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpa...

...ng into the code. Try running libvirtd with LIBVIRT_LOG_FILTERS="1:qemu 1:security" LIBVIRT_LOG_OUTPUTS="1:stderr" /usr/sbin/libvirtd as it starts up you ought to see some messages about it trying to initialize the security drivers. If you're lucky one might tell you why apparmour was missing, if you compare the log messages from both builds. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :| |: http://autobuild.org -o- http://search.cpa...

Hi! First post, kind of a noobie. I've been working with LXC and libvirt for a few months now. Trying to do some interesting things with containers and Android devices :D I'm running ubuntu 13.10 with LXC 1.0.1 and tried both libvirt 1.1.1 and 1.2.2 (backported from ubuntu-trusty), but with either version of libvirt am getting issues as soon as I try to get access to USB devices inside

...ror : > virLXCControllerSetupHostdevSubsysUSB:1390 : Unable to create device > //var/run/libvirt/lxc/oshi32134.dev/bus/usb//002//003: Operation not > permitted > Unable to create device > //var/run/libvirt/lxc/oshi32134.dev/bus/usb//002//003: Operation not > permitted Do you have AppArmour enabled on the machine. That seems like the most likely thing that would result in libvirt getting that permission error. Regards, Daniel -- |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :| |: http://libvirt.org -o- http://virt-manager.org :|...

...d error which leads me to >> believe it may be an selinux (or similar) issue. I wouldn't be >> surprised if sendmail works from the command line but fails when >> executed from sieve because selinux has it blocked for sieve. >> >> If you're running selinux or apparmour or similar, check your logs for >> that (audit log for selinux) and look for denials. You cna also try >> setting selinux to permissive and trying the operation (setenforce 0). >> >> >> Peter > >> I am wondering what that sendmail process is doing. >&gt...

...t > Don't get me wrong. It's no problem to use other partitions. Only, you have to add the location to the storage pool of libvirt... > Sorry, no experience with gnome-boxes. > > @crequill > Add a new storage pool with the destination /home/crequill/VM > You can't fool apparmour with a link... > Also with adding the storage pool, it's easier to get a clear picture of the usage of your storage resources in virt-manager > > > > > -----Oorspronkelijk bericht----- > Van: requillart@gmail.com [mailto:requillart@gmail.com] Namens crequill > Verzonden:...