Open maarten256 opened 3 months ago
@maarten256 Thanks for the investigation and a possible workaround of this. It looks like a permission thing between AppArmor and libvirtd, so I am not sure Multipass has control of that. At the same time, libvirt is becoming a deprecated backend in the Multipass ecosystem, so it is becoming a lower priority of the team.
I would suggest using other backends like qemu which is more robust and long-term supported. Thanks again for your contribution.
Describe the bug I set up my multipass to use the libvirt backend and was using it successfully until today.
I moved my multipass storage to a different location (following these instructions: https://multipass.run/docs/configure-multipass-storage) and then found that I was not able to create new VMs using multipass launch.
I'm really not sure if moving the storage location had something to do with it, but I mention it for completeness' sake. Note that with the new location, my pre-existing VMs still worked.
Using journalctl, I found the following appeared to be the most promising entry: Jul 03 01:13:07 audit[]: AVC apparmor="DENIED" operation="ptrace" profile="libvirtd" pid=xxxx comm="libvirtd" requested_mask="read" denied_mask="read" peer="snap.multipass.multipassd"
Jul 03 01:13:07 kernel: audit: type=1400 audit(1719969187.773:633): apparmor="DENIED" operation="ptrace" profile="libvirtd" pid=xxxx comm="libvirtd" requested_mask="read" denied_mask="read" peer="snap.multipass.multipassd"
Using this information, I amended the apparmor profile for libvirtd (/etc/apparmor.d/usr.sbin.libvirtd) and added:
ptrace (read,trace) peer=snap.multipass.multipassd,
This resolved the error and allowed multipass to create/launch the VM as I expected.
To Reproduce How, and what happened?
Expected behavior Even with storage outside of /var/snap, I can create VMs
Logs Refer to description.
Additional info
multipass version
-> 1.13.1multipass info
-> TMImultipass get local.driver
-> libvirtAdditional context Add any other context about the problem here.