ubuntu16.04 下libvirtd调用ovs

项目需求，编译ovs最新的代码。相关的工具，ovs-vsctl、ovs-dpctl等被安装到/usr/local/bin目录下。安装编译完成后，使用virtmanager启动虚拟机失败。查看syslog发现如下的日志：

May  9 18:22:50 liuyao kernel: [ 2450.261787] audit: type=1400 audit(1525861370.039:65): apparmor="DENIED" operation="exec" profile="/usr/sbin/libvirtd" name="/usr/local/bin/ovs-vsctl" pid=7631 comm="libvirtd" requested_mask="x" denied_mask="x" fsuid=0 ouid=0
May  9 18:22:50 liuyao libvirtd[5499]: internal error: Unable to add port fw2_0 to OVS bridge internal
May  9 18:22:50 liuyao kernel: [ 2450.588343] audit: type=1400 audit(1525861370.367:66): apparmor="STATUS" operation="profile_remove" profile="unconfined" name="libvirt-fcb1ae08-94a6-4cc0-bf9c-e561f3b8585f" pid=7641 comm="apparmor_parser"
May  9 18:22:50 liuyao libvirtd[5499]: internal error: Unable to delete port fw2_0 from OVS

上面的信息显示，libvirtd在调用ovs-vsctl命令时被apparmor阻止。默认该权限控制文件为/etc/apparmor.d/usr.sbin.libvirtd。在该文件中添加

1	/usr/local/bin/* PUx,

然后执行下面的命令，虚拟机即可正常启动。

sudo  apparmor_parser -R /etc/apparmor.d/usr.sbin.libvirtd
sudo apparmor_parser -R /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper
sudo systemctl stop apparmor
sudo systemctl status apparmor

ubuntu16.04 下libvirtd调用ovs

近期文章

近期评论

标签

热门

文章归档

分类目录

功能