Ubuntu
libvirt package

libvirt-qemu profile needs /dev/shm/spice-* rule for systemd hosts.

Bug #1365163 reported by Anders Kaseorg
14
This bug affects 2 people
Affects Status Importance Assigned to Milestone
libvirt (Ubuntu)
Fix Released
Medium
Serge Hallyn

Bug Description

I tried to create a VM with virt-manager (importing an existing disk image), and it failed as follows.

Unable to complete install: 'internal error: early end of file from monitor: possible problem:
((null):31266): Spice-ERROR **: reds.c:3213:do_spice_init: statistics shm_open failed, Permission denied
'

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 91, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/create.py", line 1820, in do_install
    guest.start_install(meter=meter)
  File "/usr/share/virt-manager/virtinst/guest.py", line 403, in start_install
    noboot)
  File "/usr/share/virt-manager/virtinst/guest.py", line 467, in _create_guest
    dom = self.conn.createLinux(start_xml or final_xml, 0)
  File "/usr/lib/python2.7/dist-packages/libvirt.py", line 3320, in createLinux
    if ret is None:raise libvirtError('virDomainCreateLinux() failed', conn=self)
libvirtError: internal error: early end of file from monitor: possible problem:
((null):31266): Spice-ERROR **: reds.c:3213:do_spice_init: statistics shm_open failed, Permission denied

ProblemType: Crash
DistroRelease: Ubuntu 14.10
Package: qemu-system-x86 2.1+dfsg-3ubuntu3
ProcVersionSignature: Ubuntu 3.16.0-12.18-generic 3.16.1
Uname: Linux 3.16.0-12-generic x86_64
NonfreeKernelModules: openafs
ApportVersion: 2.14.7-0ubuntu1
Architecture: amd64
Date: Wed Sep 3 17:27:17 2014
EcryptfsInUse: Yes
ExecutablePath: /usr/bin/qemu-system-x86_64
InstallationDate: Installed on 2014-08-22 (12 days ago)
InstallationMedia: Ubuntu-GNOME 14.10 "Utopic Unicorn" - Alpha amd64 (20140730)
KvmCmdLine:
 COMMAND STAT EUID RUID PID PPID %CPU COMMAND
 kvm-irqfd-clean S< 0 0 29001 2 0.0 [kvm-irqfd-clean]
MachineType: LENOVO 20349
ProcEnviron: PATH=(custom, no user)
ProcKernelCmdLine: BOOT_IMAGE=/@/boot/vmlinuz-3.16.0-12-generic.efi.signed root=/dev/mapper/fcntl-ubuntu ro rootflags=subvol=@ quiet splash init=/lib/systemd/systemd vt.handoff=7
Signal: 6
SourcePackage: qemu
StacktraceTop:
 ?? () from /usr/lib/x86_64-linux-gnu/libspice-server.so.1
 ?? () from /usr/lib/x86_64-linux-gnu/libspice-server.so.1
 spice_server_init () from /usr/lib/x86_64-linux-gnu/libspice-server.so.1
 ?? ()
 ?? ()
Title: qemu-system-x86_64 crashed with SIGABRT in spice_server_init()
UpgradeStatus: No upgrade log present (probably fresh install)
UserGroups:

dmi.bios.date: 05/27/2014
dmi.bios.vendor: LENOVO
dmi.bios.version: 9ECN26WW(V1.09)
dmi.board.asset.tag: 31900058Std
dmi.board.name: Lenovo Y50-70 Touch
dmi.board.vendor: LENOVO
dmi.board.version: 31900058Std
dmi.chassis.asset.tag: 31900058Std
dmi.chassis.type: 10
dmi.chassis.vendor: LENOVO
dmi.chassis.version: Lenovo Y50-70 Touch
dmi.modalias: dmi:bvnLENOVO:bvr9ECN26WW(V1.09):bd05/27/2014:svnLENOVO:pn20349:pvrLenovoY50-70Touch:rvnLENOVO:rnLenovoY50-70Touch:rvr31900058Std:cvnLENOVO:ct10:cvrLenovoY50-70Touch:
dmi.product.name: 20349
dmi.product.version: Lenovo Y50-70 Touch
dmi.sys.vendor: LENOVO

Revision history for this message
Anders Kaseorg (andersk) wrote :
Revision history for this message
Apport retracing service (apport) wrote :

StacktraceTop:
 spice_logv (log_domain=0x7f705ff9bf10 "Spice", log_level=SPICE_LOG_LEVEL_ERROR, strloc=0x7f705ffa74f1 "reds.c:3213", function=0x7f705ffa8d30 <__FUNCTION__.29529> "do_spice_init", format=0x7f705ffa8488 "statistics shm_open failed, %s", args=args@entry=0x7fffe9fd11b8) at log.c:109
 spice_log (log_domain=log_domain@entry=0x7f705ff9bf10 "Spice", log_level=log_level@entry=SPICE_LOG_LEVEL_ERROR, strloc=strloc@entry=0x7f705ffa74f1 "reds.c:3213", function=function@entry=0x7f705ffa8d30 <__FUNCTION__.29529> "do_spice_init", format=format@entry=0x7f705ffa8488 "statistics shm_open failed, %s") at log.c:123
 do_spice_init (core_interface=<optimized out>) at reds.c:3213
 spice_server_init (s=<optimized out>, core=<optimized out>) at reds.c:3287
 qemu_spice_init () at /build/buildd/qemu-2.1+dfsg/ui/spice-core.c:806

Revision history for this message
Apport retracing service (apport) wrote : Stacktrace.txt
Revision history for this message
Apport retracing service (apport) wrote : StacktraceSource.txt
Revision history for this message
Apport retracing service (apport) wrote : ThreadStacktrace.txt
Changed in qemu (Ubuntu):
importance: Undecided → Medium
summary: - qemu-system-x86_64 crashed with SIGABRT in spice_server_init()
+ qemu-system-x86_64 crashed with SIGABRT in spice_logv()
tags: removed: need-amd64-retrace
Revision history for this message
Anders Kaseorg (andersk) wrote : Re: qemu-system-x86_64 crashed with SIGABRT in spice_logv()

Seems to be an apparmor problem, given this kernel message:

[18863.831346] audit: type=1400 audit(1409779637.619:110): apparmor="DENIED" operation="mknod" profile="libvirt-a83f3934-2f03-4915-80fd-67130bcf234b" name="/dev/shm/spice.31266" pid=31266 comm="qemu-system-x86" requested_mask="c" denied_mask="c" fsuid=123 ouid=123

Booting with apparmor=0 fixes it.

information type: Private → Public
Anders Kaseorg (andersk)
summary: - qemu-system-x86_64 crashed with SIGABRT in spice_logv()
+ apparmor breaks virt-manager creation [qemu-system-x86_64 crashed with
+ SIGABRT in spice_logv()]
Revision history for this message
Serge Hallyn (serge-hallyn) wrote : Re: [Bug 1365163] Re: qemu-system-x86_64 crashed with SIGABRT in spice_logv()

This is interesting. The apparmor policy includes the rule:

owner /run/shm/spice.* rw

/dev/shm is a symlink to /run/shm, so you should have the
needed permissions. Could you please show the results of

ls -ld /run/shm /dev/shm
ls -l /run/shm /dev/shm

 status: incomplete

Changed in qemu (Ubuntu):
status: New → Incomplete
Revision history for this message
Anders Kaseorg (andersk) wrote : Re: apparmor breaks virt-manager creation [qemu-system-x86_64 crashed with SIGABRT in spice_logv()]

Aha, that must be it: when booting with init=/lib/systemd/systemd, /run/shm is a symlink to /dev/shm, not the other way around.

Changed in qemu (Ubuntu):
status: Incomplete → New
tags: added: systemd-boot
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Fascinating - thanks. So we should double up on those rules.

Changed in qemu (Ubuntu):
status: New → Triaged
summary: - apparmor breaks virt-manager creation [qemu-system-x86_64 crashed with
- SIGABRT in spice_logv()]
+ libvirt-qemu profile needs /dev/shm/spice-* rule for systemd hosts.
Serge Hallyn (serge-hallyn)
affects: qemu (Ubuntu) → libvirt (Ubuntu)
Revision history for this message
Felix Geyer (debfx) wrote :

The fix is to change the following in debian/apparmor/libvirt-qemu:

  /run/shm/ r,
  owner /run/shm/spice.* rw,
->
  /{dev,run}/shm/ r,
  owner /{dev,run}/shm/spice.* rw,

Marc Deslauriers (mdeslaur)
Changed in libvirt (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
Jamie Strandboge (jdstrand)
Changed in libvirt (Ubuntu):
assignee: Jamie Strandboge (jdstrand) → Serge Hallyn (serge-hallyn)
status: Triaged → In Progress
Revision history for this message
Serge Hallyn (serge-hallyn) wrote : Re: [Bug 1365163] Re: libvirt-qemu profile needs /dev/shm/spice-* rule for systemd hosts.

Thanks - the fix is sitting in 1.2.8-0ubuntu1 which we are currently
testing.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package libvirt - 1.2.8-0ubuntu1

---------------
libvirt (1.2.8-0ubuntu1) utopic; urgency=medium

  [ Chuck Short ]
  * New upstream release: (LP: #1367422)
    + Dropped:
      - debian/patches/ovs-delete-port-if-exists-while-adding-new-one
    + Refreshed:
      - debian/patches/add-cgmanager-support.patch
      - debian/patches/storage-default-permission-mode-to-0711

  [ Serge Hallyn ]
  * d/apparmor
    - install TEMPLATE.qemu and TEMPLATE.lxc
    - add libvirt-lxc abstraction, add permissions to it needed for
      a ubuntu container to start.
    - libvirt-qemu - add qemu-bridge-helper policy from upstream
    - libvirt-qemu - add qemu-microblaze allows from upstream
    - edit lxc.conf to enable apparmor by default (LP: #914716)
      (LP: #1008393) (LP: #1088295)
  * d/apparmor/libvirt-qemu: add /dev/shm as path to spice.* nodes
    for systemd case. (LP: #1365163)
  * d/p/9030-create-socket-dir - create session socket dir if
    needed (Should be replaced eventually by the upstream fix)
  * d/p/9032-lxc-allow-no-security-driver: don't fail if apparmor
    driver is not available (else the qa-regression-tests fail with
    skip_apparmor)
 -- Serge Hallyn <email address hidden> Mon, 15 Sep 2014 18:30:06 -0500

Changed in libvirt (Ubuntu):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.