Ctrlk

VM Fails to Boot With: 'Unable to find security driver for label apparmor'

Problem

A virtual machine (VM) is unable to boot up with the following fault message.

{u'message': u'unsupported configuration: Unable to find security driver for label apparmor', u'code': 500}

Environment

  • Platform9 Managed OpenStack - v3.6.0 and higher

  • AppArmor

  • Ubuntu 14.04

Cause

The VMs' libvirtd process is a part of the AppArmor security module.

Resolution

  1. Remove the VM's libvirtd process from apparmor by running the command.

apparmor_parser -R /etc/apparmor.d/libvirt/libvirt-[__vm-uuid__]

  1. Open the XML definition of the VM for editing.

$ virsh edit [vm_uuid]

  1. Scroll to the end of the file until you see this line.

Change it to the following.

  1. If the VM was in a ShutOff state initially, start the VM from a virsh perspective.

  1. If you are editing the XML of an already running instance you will have to stop and start VMs for the changes to take effect.

Additional Information

Please see the official AppArmor Documentation for more details on working with this Mandatory Access Control (MAC) mechanism.

PreviousCreating Volume-Backed Instance From Image FailsNextHost Convergence Failure Due to Inability to Acquire DPKG Frontend Lock

Last updated