adrahon / vagrant-kvm

This project is dead, please use vagrant-libvirt instead! A Vagrant 1.4+ plugin that adds a KVM provider to Vagrant, allowing Vagrant to control and provision KVM/QEMU VM.
MIT License

vagrant-kvm on Linux Mint 17 (quina) / Ubuntu Trusty (14.04) causes permission error. #248

Closed miurahr closed 10 years ago

miurahr commented 10 years ago

Before starting, I had a trusty box. I installed vagrant 1.4.3 and vagrant-kvm 0.1.7, then updated to vagrant 1.6.1 and vagrant-kvm 0.2.0dev (master/HEAD 2014.6.8).

Working on Linux Mint 17(quina). (Ubuntu Trusty 14.04 based)

$ vagrant up
Vagrant is upgrading some internal state for the latest version.
Please do not quit Vagrant at this time. While upgrading, Vagrant
will need to copy all your boxes, so it will use a considerable
amount of disk space. After it is done upgrading, the temporary disk
space will be freed.

Press ctrl-c now to exit if you want to remove some boxes or free
up some disk space.

Press any other key to continue.
Bringing machine 'default' up with 'kvm' provider...
==> default: Importing base box 'trusty'...
==> default: Change directory /home/miurahr/.vagrant.d/boxes permission from 40700 to 40701.
==> default: Matching MAC address for NAT networking...
==> default: Preparing network interfaces based on configuration...
==> default: Booting VM...
==> default: Destroying VM and associated drives...
/home/miurahr/.vagrant.d/gems/gems/vagrant-kvm-0.2.0.dev/lib/vagrant-kvm/driver/driver.rb:524:in `create': Call to virDomainCreateWithFlags failed: internal error: process exited while connecting to monitor: qemu-system-x86_64: -drive file=/home/miurahr/.vagrant.d/tmp/storage-pool/box-disk1-1402186906.img,if=none,id=drive-sata0-0-0,format=qcow2: could not open disk image /home/miurahr/.vagrant.d/tmp/storage-pool/box-disk1-1402186906.img: Could not open backing file: Could not open '/home/miurahr/.vagrant.d/boxes/trusty/0/kvm/box-disk1.img': Permission denied (Libvirt::Error)
    from /home/miurahr/.vagrant.d/gems/gems/vagrant-kvm-0.2.0.dev/lib/vagrant-kvm/driver/driver.rb:524:in `start'
    from /home/miurahr/.vagrant.d/gems/gems/vagrant-kvm-0.2.0.dev/lib/vagrant-kvm/action/boot.rb:14:in `call'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.6.3/lib/vagrant/action/warden.rb:34:in `call'
    from /home/miurahr/.vagrant.d/gems/gems/vagrant-kvm-0.2.0.dev/lib/vagrant-kvm/action/forward_ports.rb:34:in `call'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.6.3/lib/vagrant/action/warden.rb:34:in `call'
    from /home/miurahr/.vagrant.d/gems/gems/vagrant-kvm-0.2.0.dev/lib/vagrant-kvm/action/customize.rb:39:in `call'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.6.3/lib/vagrant/action/warden.rb:34:in `call'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.6.3/lib/vagrant/action/builtin/set_hostname.rb:16:in `call'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.6.3/lib/vagrant/action/warden.rb:34:in `call'
    from /home/miurahr/.vagrant.d/gems/gems/vagrant-kvm-0.2.0.dev/lib/vagrant-kvm/action/prepare_nfs_settings.rb:11:in `call'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.6.3/lib/vagrant/action/warden.rb:34:in `call'

(snip)

    from /opt/vagrant/embedded/gems/gems/vagrant-1.6.3/lib/vagrant/machine.rb:173:in `block in action'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.6.3/lib/vagrant/environment.rb:434:in `lock'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.6.3/lib/vagrant/machine.rb:161:in `call'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.6.3/lib/vagrant/machine.rb:161:in `action'
    from /opt/vagrant/embedded/gems/gems/vagrant-1.6.3/lib/vagrant/batch_action.rb:82:in `block (2 levels) in run'

miurahr commented 10 years ago

libvirt-bin: 1.2.2-0ubuntu3
qemu: 2.0.0~rc1+dfsg-0ubuntu3
kernel: Linux tuna 3.13.0-24-generic #46-Ubuntu SMP Thu Apr 10 19:11:08 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux

miurahr commented 10 years ago

The audit log shows AppArmor denies it.

Jun  8 09:26:13 tuna kernel: [33901.090187] type=1400 audit(1402187173.746:81): apparmor="DENIED" operation="open" profile="libvirt-7e96ebdc-d0cc-4c30-9112-64d5aa9955c0" name="/home/miurahr/.vagrant.d/boxes/trusty/0/kvm/box-disk1.img" pid=19976 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=118 ouid=118
Jun  8 09:26:13 tuna kernel: [33901.090212] type=1400 audit(1402187173.746:82): apparmor="DENIED" operation="open" profile="libvirt-7e96ebdc-d0cc-4c30-9112-64d5aa9955c0" name="/home/miurahr/.vagrant.d/boxes/trusty/0/kvm/box-disk1.img" pid=19976 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=118 ouid=118
Jun  8 09:26:13 tuna kernel: [33901.090251] type=1400 audit(1402187173.746:83): apparmor="DENIED" operation="open" profile="libvirt-7e96ebdc-d0cc-4c30-9112-64d5aa9955c0" name="/home/miurahr/.vagrant.d/boxes/trusty/0/kvm/box-disk1.img" pid=19976 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=118 ouid=118
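
A triage sketch for audit lines like the ones quoted above, added here as an example and not part of the original comment or of vagrant-kvm: it parses AppArmor records, collapses repeated DENIED entries, and pulls the domain UUID out of libvirt's per-VM profile name. The first sample line is taken from the log above; the other sample lines, the `example` profile and the `/srv/my box/disk.img` path are constructed.

```python
import re
from collections import Counter

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
LIBVIRT_PROFILE = re.compile(r"^libvirt-([0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12})$")
HEX_FIELDS = ("name", "comm", "profile")  # logged as bare hex when they contain spaces etc.
# PAGE_LINE is copied from the audit log quoted above; the other sample lines are constructed.
PAGE_LINE = (
    'Jun  8 09:26:13 tuna kernel: [33901.090187] type=1400 audit(1402187173.746:81): '
    'apparmor="DENIED" operation="open" profile="libvirt-7e96ebdc-d0cc-4c30-9112-64d5aa9955c0" '
    'name="/home/miurahr/.vagrant.d/boxes/trusty/0/kvm/box-disk1.img" pid=19976 '
    'comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=118 ouid=118'
)
SAMPLE_LOG = "\n".join([
    PAGE_LINE,
    PAGE_LINE.replace(":81)", ":82)"),  # same denial, next audit serial
    'type=1400 audit(0.0:1): apparmor="DENIED" operation="open" profile="example" '
    'name=' + "/srv/my box/disk.img".encode().hex().upper() + ' comm="cat" denied_mask="r"',
    'type=1400 audit(0.0:2): apparmor="STATUS" operation="profile_load" name="example"',
])

def parse_line(line):
    """Return the key=value fields of an AppArmor audit record, or None."""
    fields = {}
    for key, quoted, bare in KV.findall(line):
        if bare and key in HEX_FIELDS:
            try:
                bare = bytes.fromhex(bare).decode("utf-8", "replace")
            except ValueError:
                pass  # not hex after all; keep the raw token
        fields[key] = bare or quoted
    return fields if "apparmor" in fields else None

def summarize_denials(log_text):
    """Collapse repeated DENIED records into one row per (profile, comm, path, mask)."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["apparmor"] == "DENIED":
            counts[tuple(rec.get(k, "") for k in ("profile", "comm", "name", "denied_mask"))] += 1
    rows = []
    for (profile, comm, path, mask), n in counts.most_common():
        vm = LIBVIRT_PROFILE.match(profile)
        rows.append({"profile": profile, "comm": comm, "path": path, "denied_mask": mask,
                     "count": n, "libvirt_domain": vm.group(1) if vm else None})
    return rows

if __name__ == "__main__":
    print(*summarize_denials(SAMPLE_LOG), sep="\n")
```

A non-empty `libvirt_domain` means the denial came from a per-VM profile, so the confined process is a guest's QEMU and the denied `path` is a file that guest's profile does not permit.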

miurahr commented 10 years ago

The workaround at https://github.com/adrahon/vagrant-kvm/#ubuntu solves the problem. This may not be a vagrant-kvm bug but an Ubuntu/Mint bug.

miurahr commented 10 years ago

Change title and close.

miurahr commented 10 years ago

The changelog of the Ubuntu kernel shows a revert of the AppArmor fix.

linux (3.13.0-21.43) trusty; urgency=low

  [ John Johansen ]

  * Revert "SAUCE: Add config option to disable new apparmor 3 semantics"
  * Revert "SAUCE: apparmor: fix uninitialized lsm_audit membe"
  * Revert "SAUCE: (no-up) apparmor: Fix tasks not subject to, reloaded
    policy"
  * Revert "SAUCE: apparmor: allocate path lookup buffers during init"
  * Revert "SAUCE: apparmor: fix unix domain sockets to be mediated on
    connection"
  * Revert "SAUCE: (no-up) apparmor: Sync to apparmor 3 - alpha 4 snapshot"
  * SAUCE: (no-up) apparmor: Sync to apparmor3 - alpha6 snapshot
    - LP: #1298611

Caused by https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1298611

This is a kernel regression.

miurahr commented 10 years ago

Reported to the Ubuntu BTS: https://bugs.launchpad.net/linux/+bug/1327687

miurahr commented 10 years ago

I changed the title again to clarify the problem.

miurahr commented 10 years ago

It works with the recent update of linux-image-3.13.0-24-generic and libvirt-bin from the trusty-update repository.