Test suite: libvirt vs. AppArmor in buster
Trying to run the test suite on a newly installed buster system (with
AppArmor enabled), I’ve adjusted the
TEMPLATE.qemu file as instructed
/home/kibi/TT as my Tails Toaster directory), but I’m
Apr 06 16:55:43 hamburg libvirtd: Child quit during startup handshake: I/O error Apr 06 16:55:43 hamburg libvirtd: internal error: Process exited prior to exec: libvirt: error : unable to set AppArmor profile 'libvirt-203552d5-819c-41f3-800e-2c8ef2545404' for '/usr/bin/qemu-system-x86_64': No such file or directory
but all the mentioned files seem around just fine:
kibi@hamburg:~/work/clients/tails/release/release-checkout$ ls -l /etc/apparmor.d/libvirt total 16 -rw-r--r-- 1 root root 316 Apr 6 16:55 libvirt-203552d5-819c-41f3-800e-2c8ef2545404 -rw-r--r-- 1 root root 506 Apr 6 16:55 libvirt-203552d5-819c-41f3-800e-2c8ef2545404.files -rw-r--r-- 1 root root 342 Dec 5 00:22 TEMPLATE.lxc -rw-r--r-- 1 root root 215 Apr 6 16:45 TEMPLATE.qemu kibi@hamburg:~/work/clients/tails/release/release-checkout$ ls -l /usr/bin/qemu-system-x86_64 -rwxr-xr-x 1 root root 14204992 Mar 20 12:40 /usr/bin/qemu-system-x86_64
Until this is figured out, instead of disabling AppArmor entirely, one
can disable it in libvirtd only, by setting this in
/etc/libvirt/qemu.conf and restarting the
security_driver = "none"
In passing, it would be nice to add some details in
AppArmor tweaks --------------- If you have AppArmor enabled: * You need to add the `/tmp/TailsToaster/** rwk,` line to `/etc/apparmor.d/libvirt/TEMPLATE.qemu`, in the `profile LIBVIRT_TEMPLATE` section; then delete `/etc/apparmor.d/libvirt/libvirt-*` and retry. On Debian Stretch, if you use a custom `TMPDIR` to run the test suite, replace `/tmp/TailsToaster` with the value of that `$TMPDIR`.
- what does “retry” mean? I’ve tried rebooting entirely just to be sure.
- and I suppose the “On Debian Stretch” part can go away now that we can run the test suite on Buster+?