1

I recently got hugepages working with Ubuntu 22.04 and an Ubuntu 24.04 guest. It was very easy, I just enabled it in /etc/sysctl.conf and that seemed to be it.

I upgraded the host of 24.04 today. hugepages now cause permission errors with virt-manager in the same guest.

Error starting domain: internal error: QEMU unexpectedly closed the monitor (vm='ubuntu24.04'): 2024-07-16T02:27:17.591625Z qemu-system-x86_64: failed to resize memfd to 17179869184: Permission denied

Error starting domain: internal error: QEMU unexpectedly closed the monitor (vm='ubuntu24.04'): 2024-07-16T02:44:28.703713Z qemu-system-x86_64: failed to resize memfd to 17179869184: Permission denied

Traceback (most recent call last): File "/usr/share/virt-manager/virtManager/asyncjob.py", line 72, in cb_wrapper callback(asyncjob, *args, **kwargs) File "/usr/share/virt-manager/virtManager/asyncjob.py", line 108, in tmpcb callback(*args, **kwargs) File "/usr/share/virt-manager/virtManager/object/libvirtobject.py", line 57, in newfn ret = fn(self, *args, **kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/share/virt-manager/virtManager/object/domain.py", line 1402, in startup self._backend.create() File "/usr/lib/python3/dist-packages/libvirt.py", line 1379, in create raise libvirtError('virDomainCreate() failed') libvirt.libvirtError: internal error: QEMU unexpectedly closed the monitor (vm='ubuntu24.04'): 2024-07-16T02:44:28.703713Z qemu-system-x86_64: failed to resize memfd to 17179869184: Permission denied

I have tried mounting hugepages, change permissions and so on, but nothing has worked. I disabled apparmor; it made no difference.

Tim Richardson
  • 2,414

1 Answers1

0

I had the very same problem and I found my solution. It might work for you too. Here it is: when starting the QEMU VM I noticed error messages in systemd log (I see them with journalctl -f) such as:

nov 19 14:44:18 pve01 kernel: audit: type=1400
audit(1732023858.053:99): apparmor="DENIED" operation="truncate"
profile="libvirt-4b1c771d-0c00-490f-8a46-04dd3e9bdf9a" name="/"
pid=2468008 comm="kvm" requested_mask="w" denied_mask="w"
fsuid=64055 ouid=64055

Then, browsing internet, I found this discussion: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/2073214

The solution was to open file /etc/apparmor.d/libvirt/libvirt-4b1c771d-0c00-490f-8a46-04dd3e9bdf9a (the exact file name is written in the systemd journal error message) and add the / rw, line close to the end, then I made apparmor reload the file.

The final file content is:

#
# This profile is for the domain whose UUID matches this file.
#

#include <tunables/global>


profile libvirt-4b1c771d-0c00-490f-8a46-04dd3e9bdf9a flags=(attach_disconnected) {
  #include <abstractions/libvirt-qemu>
  /dev/vg/ad rk,
  /dev/vg/db rk,
  /dev/vg/db-dati rk,
  /dev/vg/os rk,
  /dev/vg/os-dati rk,
  / rw,
  #include <libvirt/libvirt-4b1c771d-0c00-490f-8a46-04dd3e9bdf9a.files>
}

and, the command to reload that file is:

apparmor_parser --replace /etc/apparmor.d/libvirt/libvirt-4b1c771d-0c00-490f-8a46-04dd3e9bdf9a
eppesuig
  • 101