Package: libvirt-daemon
Version: 10.7.0-3
Severity: normal
X-Debbugs-Cc: farb...@vodafonemail.de
Dear Maintainer,
* What led up to the situation?
Recent upgrade of packages libvirt-daemon (10.7.0-3) and/or qemu-system-common
(1:9.0.2+ds-2+b1).
* What exactly did you do (or not do) that was effective (or
ineffective)?
Tried to start a ***user-level*** QEMU VM through libvirt/virsh.
* What was the outcome of this action?
The VM failed to start with error message:
[~]$ virsh start ol
error: Failed to start domain 'ol'
error: /usr/lib/qemu/qemu-bridge-helper --use-vnet --br=virbr0 --fd=32:
failed to communicate with bridge helper: : Transport endpoint is not connected
The journal contains the following log entries:
Sep 21 17:33:08 host01 libvirtd[5562]: /usr/lib/qemu/qemu-bridge-helper
--use-vnet --br=virbr0 --fd=32: failed to communicate with bridge helper: :
Transport endpoint is not connected
Sep 21 17:33:08 host01 kernel: audit: type=1400 audit(1726932788.816:33):
apparmor="DENIED" operation="file_mmap" class="file"
profile="libvirtd//qemu_bridge_helper" name="/usr/bin/dash" pid=5614
comm="qemu-bridge-hel" requested_mask="r" denied_mask="r" fsuid=1000 ouid=0
* What outcome did you expect instead?
The VM starting as usual.
* Educated Guess
- Package qemu-system-common has moved the QEMU bridge helper to
directory /usr/libexec/qemu/qemu-bridge-helper, replacing the
original /usr/lib/qemu/qemu-bridge-helper with a Bourne shell
wrapper script that passes control to the real executable.
- However, function virDomainCreateInBridgePortWithHelper in file
src/hypervisor/domain_interface.c of libvirt still looks for
the bridge helper only in the previous locations, which is
$PATH plus the entries in local variable bridgeHelperDirs.
Directory /usr/libexec/qemu is not among these.
- As a result, libvirtd tries to start the bridge helper through
the Bourne shell wrapper script, which conflicts with the
AppArmor rules for libvirtd.
* Workaround
As a work-around, one can configure variable bridge_helper to the
absolute path "/usr/libexec/qemu/qemu-bridge-helper" in file
~/.config/libvirt/qemu.conf.
-- System Information:
Debian Release: trixie/sid
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 6.10.9-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8),
LANGUAGE=en_US:en
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages libvirt-daemon depends on:
ii libc6 2.40-2
ii libgcc-s1 14.2.0-3
ii libglib2.0-0t64 2.82.0-1
ii libtirpc3t64 1.3.4+ds-1.3
ii libvirt-common 10.7.0-3
ii libvirt-daemon-common 10.7.0-3
ii libvirt0 10.7.0-3
ii libxml2 2.9.14+dfsg-1.3+b3
ii logrotate 3.22.0-1
Versions of packages libvirt-daemon recommends:
pn libvirt-daemon-driver-interface <none>
pn libvirt-daemon-driver-lxc <none>
ii libvirt-daemon-driver-network 10.7.0-3
ii libvirt-daemon-driver-nodedev 10.7.0-3
ii libvirt-daemon-driver-nwfilter 10.7.0-3
ii libvirt-daemon-driver-qemu 10.7.0-3
ii libvirt-daemon-driver-secret 10.7.0-3
ii libvirt-daemon-driver-storage 10.7.0-3
pn libvirt-daemon-driver-storage-disk <none>
pn libvirt-daemon-driver-storage-iscsi <none>
pn libvirt-daemon-driver-storage-logical <none>
pn libvirt-daemon-driver-storage-mpath <none>
pn libvirt-daemon-driver-storage-scsi <none>
pn libvirt-daemon-driver-vbox <none>
pn libvirt-daemon-driver-xen <none>
pn libvirt-daemon-lock <none>
ii libvirt-daemon-log 10.7.0-3
pn libvirt-daemon-plugin-lockd <none>
pn libvirt-daemon-plugin-sanlock <none>
Versions of packages libvirt-daemon suggests:
pn libvirt-daemon-driver-storage-gluster <none>
pn libvirt-daemon-driver-storage-iscsi-direct <none>
pn libvirt-daemon-driver-storage-rbd <none>
pn libvirt-daemon-driver-storage-zfs <none>
ii libvirt-daemon-system 10.7.0-3
-- no debconf information
