AppArmor error: "invalid VM definition" when starting lxc on a newer version of libvirt (1.2.12)


I am trying to start an LXC container on a newer version of libvirtd, but the start fails with the following error:

$ virsh -c lxc: start textlxc
error: Failed to start domain testlxc
error: internal error: cannot load AppArmor profile 'libvirt-dfb2c573-05cb-4ca3-9e46-bea6cebf0f9f'

The error messages in /var/log/libvirt/libvirtd.log:

2015-06-23 12:13:12.306+0000: 14141: error : virCommandWait:2532 : internal error: Child process (/usr/lib/libvirt/virt-aa-helper -p 0 -c -u libvirt-dfb2c573-05cb-4ca3-9e46-bea6cebf0f9f) unexpected exit status 1: virt-aa-helper: error: /proc/meminfo
virt-aa-helper: error: skipped restricted file
virt-aa-helper: error: invalid VM definition

2015-06-23 12:13:12.306+0000: 14141: error : AppArmorGenSecurityLabel:468 : internal error: cannot load AppArmor profile 'libvirt-dfb2c573-05cb-4ca3-9e46-bea6cebf0f9f'

Here is my testlxc.xml file:

<domain type='lxc'>
  <name>testlxc</name>
  <uuid>dfb2c573-05cb-4ca3-9e46-bea6cebf0f9f</uuid>
  <memory unit='KiB'>4048292</memory>
  <currentMemory unit='KiB'>4048292</currentMemory>
  <vcpu placement='static'>2</vcpu>
  <resource>
    <partition>/machine</partition>
  </resource>
  <os>
    <type arch='x86_64'>exe</type>
    <init>/sbin/init</init>
  </os>
  <clock offset='utc'/>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <devices>
    <emulator>/usr/lib/libvirt/libvirt_lxc</emulator>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/var/lib/libvirt/filesystems/testlxc'/>
      <target dir='/'/>
    </filesystem>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/var/lib/libvirt/filesystems/testlxc-data'/>
      <target dir='/mnt/data'/>
    </filesystem>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/var/run/testlxc/lxc'/>
      <target dir='/mnt/run'/>
    </filesystem>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/proc/meminfo'/>
      <target dir='/proc/meminfo'/>
    </filesystem>
    <console type='pty' tty='/dev/pts/1'>
      <source path='/dev/pts/1'/>
      <target type='lxc' port='0'/>
      <alias name='console0'/>
    </console>
  </devices>
</domain>

The libvirt version in use is 1.2.12; I previously ran lxc successfully on version 1.2.2.

$ libvirtd --version
libvirtd (libvirt) 1.2.12

Answer 1

I have traced the problem to the domain XML validation in the virt-aa-helper utility. This utility is supposed to generate the apparmor profile on demand. It is not the XML structure that fails, although the reported error seems to suggest that it is. The validation logic for LXC containers inside the virDomainDefParseXML function in domain_conf.c is broken.

I am not familiar enough with the libvirt code to be modifying this shared area; I may have broken something else, but the following patch seems to work:

if (!(flags & VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS)) {
    /* If the logic here seems fairly arbitrary, that's because it is :)
     * This is duplicating how the code worked before
     * CapabilitiesDomainDataLookup was added. We can simplify this,
     * but it would take a bit of work because the test suite fails
     * in numerous minor ways. */
    bool use_virttype = ((def->os.arch == VIR_ARCH_NONE) ||
        !def->os.machine);
    virCapsDomainDataPtr capsdata = NULL;

now reads:

if (!(flags & VIR_DOMAIN_DEF_PARSE_SKIP_OSTYPE_CHECKS)) {
    /* If the logic here seems fairly arbitrary, that's because it is :)
     * This is duplicating how the code worked before
     * CapabilitiesDomainDataLookup was added. We can simplify this,
     * but it would take a bit of work because the test suite fails
     * in numerous minor ways. */
    bool use_virttype = (def->os.type != VIR_DOMAIN_OS_TYPE_EXE) &&
        ((def->os.arch == VIR_ARCH_NONE) ||
          !def->os.machine);
    virCapsDomainDataPtr capsdata = NULL;

Unfortunately, I could not find a way to fix this without recompiling. If you are on a 64-bit machine, you can download my locally built packages from this link (sorry, it is on my Microsoft account).

Note: to see whether you are affected by this bug, type the following at a command prompt (copied from this forum post):

$ export VM=foo ; virsh -c lxc:// dumpxml $VM |\
   sudo /usr/lib/libvirt/virt-aa-helper -c \
   -u libvirt-`virsh -c lxc:// domuuid $VM`

where foo is the name of the failing lxc container. If you see the output

virt-aa-helper: error: could not parse XML
virt-aa-helper: error: could not get VM definition

then it is most likely the same bug.
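As an added example (not part of the question, the answer, or libvirt itself): the libvirtd.log in the question shows virt-aa-helper logging the /proc/meminfo passthrough mount as a "skipped restricted file" before it gives up with "invalid VM definition". The small Python pre-check below parses a libvirt LXC domain definition, reports the <os><type> (the 'exe' type whose validation the answer discusses), and lists every read-write <filesystem> source that sits under a system path the helper treats as restricted, so an administrator can see which mounts the helper will skip before running virsh start. The restricted prefix list is an assumption modelled on the helper's own path check and depends on the installed libvirt version; the embedded XML is a trimmed copy of the testlxc.xml from the question.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the testlxc domain from the question, trimmed to the
# elements this check inspects.
SAMPLE_DOMAIN_XML = """<domain type='lxc'>
  <name>testlxc</name>
  <os><type arch='x86_64'>exe</type><init>/sbin/init</init></os>
  <devices>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/var/lib/libvirt/filesystems/testlxc'/>
      <target dir='/'/>
    </filesystem>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/proc/meminfo'/>
      <target dir='/proc/meminfo'/>
    </filesystem>
  </devices>
</domain>"""

# Assumption: prefixes modelled on the restricted-path list that
# virt-aa-helper refuses for read-write access; the exact list is
# version-specific, so compare against the helper shipped on your host.
RESTRICTED_PREFIXES = ("/bin/", "/etc/", "/lib", "/proc/", "/sbin/", "/sys/", "/usr/")


def os_type(domain_xml):
    """Return the <os><type> text of the domain (e.g. 'exe' for LXC)."""
    root = ET.fromstring(domain_xml)
    node = root.find("./os/type")
    return node.text.strip() if node is not None and node.text else None


def filesystem_mounts(domain_xml):
    """Return (source_dir, target_dir, readonly) for every <filesystem> mount."""
    root = ET.fromstring(domain_xml)
    mounts = []
    for fs in root.iterfind("./devices/filesystem"):
        src = fs.find("source")
        tgt = fs.find("target")
        if src is None or tgt is None:
            continue
        readonly = fs.find("readonly") is not None
        mounts.append((src.get("dir"), tgt.get("dir"), readonly))
    return mounts


def restricted_mounts(domain_xml):
    """Read-write mounts whose source lies under an assumed restricted prefix;
    these are the ones virt-aa-helper is expected to log as skipped."""
    return [
        (src, tgt)
        for src, tgt, readonly in filesystem_mounts(domain_xml)
        if not readonly and src is not None and src.startswith(RESTRICTED_PREFIXES)
    ]


def main(argv):
    # With a file argument, check e.g. the output of: virsh -c lxc:// dumpxml testlxc
    xml_text = SAMPLE_DOMAIN_XML
    if len(argv) > 1:
        with open(argv[1]) as fh:
            xml_text = fh.read()
    print("os type: %s" % os_type(xml_text))
    for src, tgt in restricted_mounts(xml_text):
        print("restricted read-write source %s (mounted at %s)" % (src, tgt))


if __name__ == "__main__":
    main(sys.argv)
```

Run it with no arguments to see the check against the embedded sample, or pass a file saved from virsh dumpxml to inspect your own domain; a mount flagged here can be marked <readonly/> or dropped before the answer's virt-aa-helper diagnostic is repeated.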
