Displaying 20 results from an estimated 34 matches for "apparmour".
Did you mean:
apparmor
2013 Aug 12
1
Re: Bridging Wireless Cards for KVM
...> "/dev/net/tun",
> ]
You did restart libvirtd after making those setting changes, right ?
The user, group & clear_emulator_capabilities settings are the 3 that
matter here & you have them correctly set.
> I am running Ubuntu 12, which does not use SELinux.
It has apparmour though, which possibly denies access to /dev/net/tun
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|...
2019 Oct 23
1
dns_tkey_negotiategss: TKEY is unacceptable
I found another reason for this error: dns_tkey_negotiategss: TKEY is unacceptable
After much head scratching it was due to the Apparmour configuration recommended in the WiKi at:
https://wiki.samba.org/index.php/BIND9_DLZ_AppArmor_and_SELinux_Integration
The section for Apparmor which recommends adding lines to /etc/apparmor.d/local/usr.sbin.named, I had to change the line:
from:
/usr/local/samba/private/dns.keytab r,
to:
/usr/...
2013 Sep 20
2
Re: Incremental Backups
Hi Davide,
> Hi Thomas,
> I'm using this script which leverages
external snapshots and blockpull:
https://github.com/dguerri/LibVirtKvm-scripts [1]
>
> It's very simple
and on ubuntu requires some tweaks on apparmour configuration.
Would it
be hard to adapt this script for LVM-backed VMs?
[]s, Fernando Lozano
Links:
------
[1] https://github.com/dguerri/LibVirtKvm-scripts
2013 Nov 20
1
libvirt-sandbox on Ubuntu with SELinux
I'm attempting to build/use libvirt-sandbox on Ubuntu 12.xx. Although
I'm still working through dependency issues (including the need for
libvirt >= 1.0.2 which is not packaged for ubuntu 12.xx) to build the
sandbox code, I have a forward looking question.
It appears libvirt-bin for Ubuntu likes apparmor as does most Ubuntu
based packages using a LSM impl. However, as I understand
2018 Jan 03
3
Updated Dovecot 2.3.0 now getting 2 strange log errors
...s a permission denied error which leads me to
> believe it may be an selinux (or similar) issue. I wouldn't be
> surprised if sendmail works from the command line but fails when
> executed from sieve because selinux has it blocked for sieve.
>
> If you're running selinux or apparmour or similar, check your logs for
> that (audit log for selinux) and look for denials. You cna also try
> setting selinux to permissive and trying the operation (setenforce 0).
>
>
> Peter
> I am wondering what that sendmail process is doing.
>
> As you can see, Dovecot w...
2013 Sep 20
5
Incremental Backups
Hello.
Is someone performing incremental backups via libvirt for qemu/kvm
machines? I'm still having a hard time to
find a nice procedure. I mean is it possible to make a full backup of an
image on monday a do the next days of the week
incremental backups?
Another way could be mount the image and rsync its contents. Does that
makes sense?
Also i read in qemu changelog:
---
Support for a
2015 Sep 16
2
Re: libvirt 1.19: could not open drive file (permission denied)
@requillart
Don't get me wrong. It's no problem to use other partitions. Only, you have to add the location to the storage pool of libvirt...
Sorry, no experience with gnome-boxes.
@crequill
Add a new storage pool with the destination /home/crequill/VM
You can't fool apparmour with a link...
Also with adding the storage pool, it's easier to get a clear picture of the usage of your storage resources in virt-manager
-----Oorspronkelijk bericht-----
Van: requillart@gmail.com [mailto:requillart@gmail.com] Namens crequill
Verzonden: dinsdag 15 september 2015 19:24
Aan...
2014 Sep 18
2
Using custom QEMU binaries with libvirt
Hi all,
I compiled a custom version of QEMU 2.0.0 and I am having hard times to
make it available to libvirt. Just to clarify, if I execute
/usr/local/bin/qemu-system-x86_64
it does performs good. But when I put this very same path to <emulator>
tag in a domain configutation, when i start the domain I get
error: Failed to start domain vm1
error: internal error: process exited while
2014 Sep 25
2
Missing security model in 1.2.8?
I have successfully (I believe) built (rebuilt on Ubuntu 14.04), installed, and used libvirt 1.2.2. Behaviorally I can't tell the difference between what I've built and what Ubuntu distributes.
Specifically, "virsh capabilities" shows this:
<secmodel>
<model>apparmor</model>
<doi>0</doi>
</secmodel>
2009 Jan 20
3
Dovecot optimisation
Hello all.
We start to use Dovecot at our email production but it runs not such
fast as we expect.
We use Dell 2950 with 4GbRAM at FreeBSD-7.0-p9 - load avarage never
upper a 0.5
We have about 500 clients most of it use Outlook 2007 via IMAP.
We run in this problems:
1) Sync of imap folder is really slow(I think it is Outlook problem)
2) Time after time we got Sync error from outlook
3) Time
2014 Apr 16
2
Re: LXC + USB passthrough = Operation not permitted
...stdevSubsysUSB:1390 : Unable to create device
> > //var/run/libvirt/lxc/oshi32134.dev/bus/usb//002//003: Operation not
> > permitted
> > Unable to create device
> > //var/run/libvirt/lxc/oshi32134.dev/bus/usb//002//003: Operation not
> > permitted
>
> Do you have AppArmour enabled on the machine. That seems like the
> most likely thing that would result in libvirt getting that permission
> error.
>
> Regards,
> Daniel
> --
> |: http://berrange.com -o- http://www.flickr.com/photos/dberrange/:|
> |: http://libvirt.org -o-...
2018 Jan 02
0
Updated Dovecot 2.3.0 now getting 2 strange log errors
...round postdrop). It's a permission denied error which leads me to
believe it may be an selinux (or similar) issue. I wouldn't be
surprised if sendmail works from the command line but fails when
executed from sieve because selinux has it blocked for sieve.
If you're running selinux or apparmour or similar, check your logs for
that (audit log for selinux) and look for denials. You cna also try
setting selinux to permissive and trying the operation (setenforce 0).
Peter
2013 Aug 06
1
LIbvirt seclabel.
hi all,
i am new to the libvirt. Via libvirt i am converting my xen.com.sfg.
In xen i added xsm label as, seclabel:system_u:domU_t.
but after creating vm using xen or by convertdom-to-xml also does not
contain any label or text with xen-4.2.1.
in the documentation also you mentioned selinux label (sVirt) only. Can u
clear me the following things:
1. How to use XSM label in libvirt.?
2. What
2013 Sep 20
0
Re: Incremental Backups
Hi Thomas,
I'm using this script which leverages external snapshots and blockpull: https://github.com/dguerri/LibVirtKvm-scripts
It's very simple and on ubuntu requires some tweaks on apparmour configuration.
Hth
Cheers,
Davide
--
Davide Guerri
http://about.me/davide_guerri
> On 20 Sep 2013, at 15:31, Thomas Stein <himbeere@meine-oma.de> wrote:
>
> Hello.
>
> Is someone performing incremental backups via libvirt for qemu/kvm machines? I'm still having a h...
2014 Sep 18
0
Re: Using custom QEMU binaries with libvirt
...g qemu 1.7 I could use my
> custom build, but apparently something changed with 2.0 (or with libvirt
> integration).
>From libvirt's POV the only things that should matter are
- Permission for 'qemu:qemu' user/group to execute the binary (and access
parent directories)
- AppArmour profile support, or SELinux label (as appropriate for disto)
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpa...
2014 Sep 26
0
Re: Missing security model in 1.2.8?
...ng into the code.
Try running libvirtd with
LIBVIRT_LOG_FILTERS="1:qemu 1:security" LIBVIRT_LOG_OUTPUTS="1:stderr" /usr/sbin/libvirtd
as it starts up you ought to see some messages about it trying to initialize
the security drivers. If you're lucky one might tell you why apparmour was
missing, if you compare the log messages from both builds.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpa...
2014 Apr 12
2
LXC + USB passthrough = Operation not permitted
Hi!
First post, kind of a noobie. I've been working with LXC and libvirt for a
few months now. Trying to do some interesting things with containers and
Android devices :D
I'm running ubuntu 13.10 with LXC 1.0.1 and tried both libvirt 1.1.1 and
1.2.2 (backported from ubuntu-trusty), but with either version of libvirt
am getting issues as soon as I try to get access to USB devices inside
2014 Apr 15
0
Re: LXC + USB passthrough = Operation not permitted
...ror :
> virLXCControllerSetupHostdevSubsysUSB:1390 : Unable to create device
> //var/run/libvirt/lxc/oshi32134.dev/bus/usb//002//003: Operation not
> permitted
> Unable to create device
> //var/run/libvirt/lxc/oshi32134.dev/bus/usb//002//003: Operation not
> permitted
Do you have AppArmour enabled on the machine. That seems like the
most likely thing that would result in libvirt getting that permission
error.
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|...
2018 Jan 03
0
Updated Dovecot 2.3.0 now getting 2 strange log errors
...d error which leads me to
>> believe it may be an selinux (or similar) issue. I wouldn't be
>> surprised if sendmail works from the command line but fails when
>> executed from sieve because selinux has it blocked for sieve.
>>
>> If you're running selinux or apparmour or similar, check your logs for
>> that (audit log for selinux) and look for denials. You cna also try
>> setting selinux to permissive and trying the operation (setenforce 0).
>>
>>
>> Peter
>
>> I am wondering what that sendmail process is doing.
>>...
2015 Sep 16
0
Re: libvirt 1.19: could not open drive file (permission denied)
...t
> Don't get me wrong. It's no problem to use other partitions. Only, you have to add the location to the storage pool of libvirt...
> Sorry, no experience with gnome-boxes.
>
> @crequill
> Add a new storage pool with the destination /home/crequill/VM
> You can't fool apparmour with a link...
> Also with adding the storage pool, it's easier to get a clear picture of the usage of your storage resources in virt-manager
>
>
>
>
> -----Oorspronkelijk bericht-----
> Van: requillart@gmail.com [mailto:requillart@gmail.com] Namens crequill
> Verzonden:...