I'm trying to start LXC on a newer version of libvirtd, but it fails to start with the following error:
$ virsh -c lxc: start textlxc
error: Failed to start domain testlxc
error: internal error: cannot load AppArmor profile 'libvirt-dfb2c573-05cb-4ca3-9e46-bea6cebf0f9f'
Error messages in /var/log/libvirt/libvirtd.log:
2015-06-23 12:13:12.306+0000: 14141: error : virCommandWait:2532 : internal error: Child process (/usr/lib/libvirt/virt-aa-helper -p 0 -c -u libvirt-dfb2c573-05cb-4ca3-9e46-bea6cebf0f9f) unexpected exit status 1: virt-aa-helper: error: /proc/meminfo
virt-aa-helper: error: skipped restricted file
virt-aa-helper: error: invalid VM definition
2015-06-23 12:13:12.306+0000: 14141: error : AppArmorGenSecurityLabel:468 : internal error: cannot load AppArmor profile 'libvirt-dfb2c573-05cb-4ca3-9e46-bea6cebf0f9f'
Here is my testlxc.xml file:
<domain type='lxc'>
<name>testlxc</name>
<uuid>dfb2c573-05cb-4ca3-9e46-bea6cebf0f9f</uuid>
<memory unit='KiB'>4048292</memory>
<currentMemory unit='KiB'>4048292</currentMemory>
<vcpu placement='static'>2</vcpu>
<resource>
<partition>/machine</partition>
</resource>
<os>
<type arch='x86_64'>exe</type>
<init>/sbin/init</init>
</os>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>destroy</on_crash>
<devices>
<emulator>/usr/lib/libvirt/libvirt_lxc</emulator>
<filesystem type='mount' accessmode='passthrough'>
<source dir='/var/lib/libvirt/filesystems/testlxc'/>
<target dir='/'/>
</filesystem>
<filesystem type='mount' accessmode='passthrough'>
<source dir='/var/lib/libvirt/filesystems/testlxc-data'/>
<target dir='/mnt/data'/>
</filesystem>
<filesystem type='mount' accessmode='passthrough'>
<source dir='/var/run/testlxc/lxc'/>
<target dir='/mnt/run'/>
</filesystem>
<filesystem type='mount' accessmode='passthrough'>
<source dir='/proc/meminfo'/>
<target dir='/proc/meminfo'/>
</filesystem>
<console type='pty' tty='/dev/pts/1'>
<source path='/dev/pts/1'/>
<target type='lxc' port='0'/>
<alias name='console0'/>
</console>
</devices>
</domain>
The libvirt version running is 1.2.12; I had previously been running lxc successfully on version 1.2.2.
$ libvirtd --version
libvirtd (libvirt) 1.2.12
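I have tracked the issue down to the domain XML validation in the virt-aa-helper utility. This is the utility that is supposed to generate AppArmor profiles on demand. It is not the structure of the XML that is failing, although the reported error seems to suggest that it is. The logic validation inside the function virDomainDefParseXML in domain_conf.c is broken for LXC containers.
I'm not familiar enough with the libvirt code to be modifying this shared area - I may have broken something else, but the following patch seems to work: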
if (!(flags & VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS)) {
/* If the logic here seems fairly arbitrary, that's because it is :)
* This is duplicating how the code worked before
* CapabilitiesDomainDataLookup was added. We can simplify this,
* but it would take a bit of work because the test suite fails
* in numerous minor ways. */
bool use_virttype = ((def->os.arch == VIR_ARCH_NONE) ||
!def->os.machine);
virCapsDomainDataPtr capsdata = NULL;
to read:
if (!(flags & VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS)) {
/* If the logic here seems fairly arbitrary, that's because it is :)
* This is duplicating how the code worked before
* CapabilitiesDomainDataLookup was added. We can simplify this,
* but it would take a bit of work because the test suite fails
* in numerous minor ways. */
bool use_virttype = (def->os.type != VIR_DOMAIN_OS_TYPE_EXE) &&
((def->os.arch == VIR_ARCH_NONE) ||
!def->os.machine);
virCapsDomainDataPtr capsdata = NULL;
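Unfortunately, I can't find a way to fix this without recompiling. If you are on a 64-bit machine, you can download the packages I built locally from this link (forgive my Microsoft account).
Note: to see whether you are affected by this bug, type the following at a command prompt (copied from this forum post):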
$ export VM=foo ; virsh -c lxc:// dumpxml $VM |\
sudo /usr/lib/libvirt/virt-aa-helper -c \
-u libvirt-`virsh -c lxc:// domuuid $VM`
where foo is the name of the failing lxc container. If you see the output
virt-aa-helper: error: could not parse XML
virt-aa-helper: error: could not get VM definition
then it is probably the same bug.
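The check above prints a different error pair ("could not parse XML") than the question's log ("skipped restricted file"), so it helps to tell the two apart when triaging several containers. The script below is an added example, not part of the original post or of libvirt: it reuses the virsh and virt-aa-helper invocations shown on this page, while the function names, the labels they print and the `--all` switch are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original post): triage virt-aa-helper output.
# The helper path and virsh/virt-aa-helper arguments are the ones on the page;
# function names and the labels they print are this example's own.
HELPER=${HELPER:-/usr/lib/libvirt/virt-aa-helper}
URI=${URI:-lxc://}

# Read helper output on stdin and print one label for it.
classify_helper_output() {
    out=$(cat)
    case $out in
        *"could not parse XML"*)     echo parse-failure ;;    # signature from the answer
        *"skipped restricted file"*) echo restricted-path ;;  # signature from the question log
        *"error:"*)                  echo other-error ;;
        *)                           echo ok ;;
    esac
}

# Print each path reported on the line before "skipped restricted file".
restricted_paths() {
    awk '
        /virt-aa-helper: error: skipped restricted file/ {
            if (prev != "") print prev
            prev = ""; next
        }
        {
            prev = ""
            if (match($0, /virt-aa-helper: error: \//))
                prev = substr($0, RSTART + 23)   # skip the 23-character prefix
        }'
}

# Run the check from the page for one domain (needs root, as the sudo on the page shows).
check_domain() {
    uuid=$(virsh -c "$URI" domuuid "$1") || return 2
    virsh -c "$URI" dumpxml "$1" | "$HELPER" -c -u "libvirt-$uuid" 2>&1 |
        classify_helper_output
}

# With --all, check every defined LXC domain and print "name: label".
if [ "${1:-}" = "--all" ]; then
    for vm in $(virsh -c "$URI" list --all --name); do
        printf '%s: %s\n' "$vm" "$(check_domain "$vm")"
    done
fi
```

Saved libvirtd.log lines can also be piped straight into `restricted_paths` to list which filesystem sources the helper refused.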