hardlink – libvirt qemu AppArmor 9p hard links

I am using libvirt with qemu on a debian host. A virtual machine has a defined 9p mount point:


The default apparmor setting (which is apparently created by virt-aa-helper) does not allow me to create hard links on 9p volume.

I made it work by adding the following line to /etc/apparmor.d/abstractions/libvirt-qemu

  "/mnt/pool/share/**" rwl,

This works but you have the following problems:

  1. It allows everybody hosts to read / write to this directory, not just the host I need
  2. Requires editing a configuration file that is updated regularly, which is probably not a good idea because it makes it difficult to update the Debian package
  3. It is not configured in the libvirt xml file, which makes portability difficult and an additional step

Is there a better way?

Libvirt Migration Host Name: Server Error

I have configured two libvirt nodes with the following host names:

  • mycompany-hv-01.example.tld
  • mycompany-hv-02.example.tld

The names are declared in a public DNS and can be resolved (public IP).

When I try to migrate a guest from one host to another:

root@mycompany-hv-02:~# virsh migrate prout qemu+ssh://mycompany-hv-01.example.tld/system --offline --persistent
error: internal error: hostname on destination resolved to localhost, but migration requires an FQDN

The error is the same when I try a live migration.

I know this is not exactly the same error, but I tried the tips on this page. My DNS already works, so I tried to force the resolution by adding entries to my /etc/hosts on both hosts, but that doesn't work.

The following solution works:

virsh migrate prout qemu+ssh://mycompany-hv-02.example.tld/system tcp://mycompany-hv-02.example.tld --offline --persistent

I tried to define manually migration_host in /etc/libvirt/qemu.conf but I received the error:

configuration file syntax error: migration_host must not be the address of the local machine: mycompany-hv-01.example.tld

Do I miss something?

Kvm virtualization: how can I make my libvirt / KVM guest see all IPv4 / UDP multicast traffic?

I have a problem with IPv4 / UDP multicast traffic that is not completely visible from a KVM guest.

The guest has a dedicated NIC that is attached via MacVTap. Both the host operating system and the guest operating system are Ubuntu 18.04. This is the network configuration of the VM:


(Note that I obfuscated the actual MAC address).

Since I have enabled trustGuestRxFilters, mDNS is working fine. However, there is still some multicast traffic that I cannot see.

This is the command that generates problematic UDP multicast traffic:

raspivid -ae 40,0xff -a 1036 -t 0 -w 1280 -h 720 -ih -fps 30 -mm spot 
  -o udp://

This creates a constant video transmission of approximately 400 KB / s. Here I am deliberately using multicast, so several hosts on the network can play or record the transmission (without requiring that the source computer, which is connected via WiFi, send multiple transmissions). It is assumed that the host of the KVM guest analyzes the transmission and records it every time there is movement in the video.

Here is the problem: All hosts that are directly Connected to the network (= not a KVM guest) can receive UDP traffic, even the KVM host itself. However, the KVM guest cannot, only sees very few packages:

sudo timeout 20 tcpdump -i ens3 host
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on ens3, link-type EN10MB (Ethernet), capture size 262144 bytes
20:53:10.361355 IP vogelhaus.internal.example.com.48146 > UDP, length 4096
# omitted 5 lines
20:53:12.081881 IP vogelhaus.internal.example.com.48146 > UDP, length 4096

7 packets captured
16 packets received by filter
9 packets dropped by kernel

These are definitely not enough packages for a 400 KB / s video stream that runs for 20 seconds. When I do the same on another host that is directly connected, I get the expected results:

sudo timeout 20 tcpdump -i enp1s0f0 host
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp1s0f0, link-type EN10MB (Ethernet), capture size 262144 bytes
20:54:41.264709 IP vogelhaus.internal.example.com > udp
# ... many, many more! ...
20:55:00.912257 IP vogelhaus.internal.example.com > udp
20:55:00.912446 IP vogelhaus.internal.example.com.48146 > UDP, bad length 4096 > 1472

7205 packets captured
7231 packets received by filter
26 packets dropped by kernel

The operating system on the KVM host is Ubuntu 18.04. QEMU version:

QEMU emulator version 2.11.1(Debian 1:2.11+dfsg-1ubuntu7.21)

Any idea what prevents the KVM guest from seeing all the traffic?

Kvm virtualization: libvirt and macvtap problem in Arch Linux

I am using Arch Linux (updated) with QEMU-KVM, libvirt and virt-manager as front. I have several virtual machines, but so far only one is running at a time. The virtual machine I try to put to work is in Debian 10, but I also have a Kali and a CentOS 7 with the same problem when I try similar things.

The interface I am trying to use for macvtap is a wireless card (on a Thinkpad T580 laptop) connected to a Wi-Fi access point (WPA2).

I am trying to configure a macvtap interface to connect the wlp4s0 connection on my host to one of my virtual machines. To do that, I am using virt-manager. I tried bridge and VEPA mode on the macvtap, and tried all types of interfaces (virtual hardware) on the VM, without success, since there is no network connection. However, NAT mode works well on all virtual machines.

Libvirt puts the device (wlp4s0 on the host) in promiscuous mode, although ip-link does not show it (the mark in / sys / devices / … is changing, and dmesg says something about entering promiscuous mode).

When starting Wireshark and pinging the gateway (with a fixed IP) from the VM, I see the ARP request on the host in macvtap and in wlp4s0, but there is no response.

When using dhcp, dhclient gets no response.

I can provide more information is necessary. If you have any idea what is causing that, I will gladly listen to your suggestions!

Linux – QEMU / KVM / libvirt macvtap VEPA does not work – ARP request not forwarded

Hi, I have been struggling to make the guest network work when I use a macvtap in VEPA mode between two virtual machines on a host. I've spent hours (days) searching on Google without joy. Does this network configuration really work?

I created the vtap using KVM Manager by adding a NIC, selecting the "macvtap" network source, the VEPA source mode, the device model: virtio.

The configuration looks like this (mac address):

vm3-62                                  vm2-62
----------                           ------------
eth1:            eth1:
(52:54:00:08:9d:8b)            (52::54:00:8a:b1:0f)
           +                               +
           |                               |
                           host          /
            macvtap1                  macvtap0
          (52:54:00:08:9d:8b)      (52:54:00:8a:b1:0f)
                       NIC port 1 and 2 (active/passive config)

Not sure if the above will format well, if the previous diagram was not formatted here is a JPEG

The host NIC is connected to a cisco nexus 9000, which I configured for the 802.1Qbg reflective relay.

In vm2-62 when I try to ping, I get the unreachable destination Host.

When I use tcpdump on the host, I can see the ARP request of vm2-62 looking for the mac for (vm3-62). I can see the request in macvtap0, and in bond1.62 and in bond1, but NOT in macvtap1.

If I manually add the ARP inputs in vm3-62 and vm2-62, the ping works fine, so I think the reflective relay on the switch is set correctly.

It seems that the switch is not retrieving the ARP request or that I need to do something in Linux to enable bond1.62 to forward the ARP request to macvtap1.

Any ideas? .

Thank you

networks: Libvirt does not recognize network interfaces

So I am using Virtual Machine Manager, and the sad part is that it does not list my interfaces.
no interfaces in

Also if I execute the iface command I get this 🙁

$ virsh iface-list
 Name   State   MAC Address  

while if I run the ifconfig command I can see my eth0 interface very well

I need to do it so that the virtual machine administrator detects my interfaces and can create a bridge for my VM instances: c

I am using ubuntu 18.04 LTS with xfce4

Why libvirt bhyve guests does not restart?

I have libvirt with the bhyve driver in FreeBSD 12.
I have FreeBSD guests and Linux guests with UEFI. Both cannot restart, it only stops when a reset command is issued within the guest.

virtualization – libvirt: error: AppArmor profile cannot be set

I am following this tutorial on how to get through the GPU, however, when I get to the 6:43 mark, where do you press Start the installation button, I get this following error:

Unable to complete install: 'internal error: Process exited prior to exec: libvirt:  error : unable to set AppArmor profile 'libvirt-5d739005-01d9-4c7c-9b41-bb3e3486c672' for '/usr/bin/qemu-system-x86_64': No such file or directory'

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 75, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/create.py", line 2119, in _do_async_install
    guest.installer_instance.start_install(guest, meter=meter)
  File "/usr/share/virt-manager/virtinst/installer.py", line 419, in start_install
    doboot, transient)
  File "/usr/share/virt-manager/virtinst/installer.py", line 362, in _create_guest
    domain = self.conn.createXML(install_xml or final_xml, 0)
  File "/usr/lib/python3/dist-packages/libvirt.py", line 3717, in createXML
    if ret is None:raise libvirtError('virDomainCreateXML() failed', conn=self)
libvirt.libvirtError: internal error: Process exited prior to exec: libvirt:  error : unable to set AppArmor profile 'libvirt-5d739005-01d9-4c7c-9b41-bb3e3486c672' for '/usr/bin/qemu-system-x86_64': No such file or directory
➜ ls /usr/bin | grep qemu

I've been searching since yesterday on Google to find the solution, but I can't find anything in it. Does anyone here know why this error appears?

libvirt – Using a NetBSD VM for console only

I'm experimenting with NetBSD and see if I can get the Fenrir screen reader to run on it. However, I came across a later installation of the glue; The console I was using for the installation worked perfectly fine, however, it stopped working completely once I completed the installation. For reference, here is the line I used for virt-install:
virt-install –connect qemu: /// system -n netbsd-testing
–ram 4096 –vcpus = 8
–cpu = host
-c /home/sektor/Downloads/boot-com.iso
–os-type = netbsd –os-variant = netbsd8.0
–disk = pool = devel, size = 100, format = qcow2
-w network = default –nographics
When I asked for the type of terminal I was using (this is the NetBSD installation program), I accepted the default value that was VT200. As I recall, I told him to use the BIOS for the boot, and not any of the serial communications ports. Has anyone had more experience not using graphics on a Libvirt virtual machine and have some point in how to get a console that works?

Thank you.

slackware – Can you tell that libvirt is trying to close a guest?

Is it possible through some mechanism of hooking or callback for my script or executable? running on the host to know that libvirt is ready or has recently sent a command for a Guest to close?

I am not trying to detect the case that the guest has decided to close on its own. I am trying to detect the case in which libvirt has decided to ask a guest to close.

I'm trying to do this so that my script or executable can automatically send a shutdown command "on the side" via SSH to a pair of macOS guests that do not respond to ACPI commands and can not execute the libvirt guest agent.

I have found script hooks and API callback mechanisms that will inform me after the guests have closed, but they can not discover a trick to learn about a tried to close a guest.

I am running libvirt under Slackware, but an answer regarding any host platform can be valuable. Thank you!