multipass Cannot launch multipass, apparmor="DENIED"

Describe the bug When trying to launch an image getting the timeout error: u2204: timed out waiting for response.

To Reproduce

multipass launch jammy -n u2204 -vvvvv

Expected behavior Working image

Logs


[2022-04-28T07:54:51.161] [debug] [qemu-img] [106615] started: qemu-img snapshot -l /var/snap/multipass/common/data/multipassd/vault/instances/u2204/ubuntu-22.04-server-cloudimg-amd64.img
[2022-04-28T07:54:51.245] [trace] [daemon] Loading AppArmor policy:

#include <tunables/global>
profile multipass.u2204.qemu-system-x86_64 flags=(attach_disconnected) {
  #include <abstractions/base>
  #include <abstractions/consoles>
  #include <abstractions/nameservice>

  # required for reading disk images
  capability dac_override,
  capability dac_read_search,
  capability chown,

  # needed to drop privileges
  capability setgid,
  capability setuid,

  network inet stream,
  network inet6 stream,

  # Allow multipassd send qemu signals
  signal (receive) peer=snap.multipass.multipassd,

  /dev/net/tun rw,
  /dev/kvm rw,
  /dev/ptmx rw,
  /dev/kqemu rw,
  @{PROC}/*/status r,
  # When qemu is signaled to terminate, it will read cmdline of signaling
  # process for reporting purposes. Allowing read access to a process
  # cmdline may leak sensitive information embedded in the cmdline.
  @{PROC}/@{pid}/cmdline r,
  # Per man(5) proc, the kernel enforces that a thread may
  # only modify its comm value or those in its thread group.
  owner @{PROC}/@{pid}/task/@{tid}/comm rw,
  @{PROC}/sys/kernel/cap_last_cap r,
  owner @{PROC}/*/auxv r,
  @{PROC}/sys/vm/overcommit_memory r,

  # access to firmware's etc (selectively chosen for multipass' usage)
  /snap/multipass/6904/qemu/* r,

  # for save and resume
  /{usr/,}bin/dash rmix,
  /{usr/,}bin/dd rmix,
  /{usr/,}bin/cat rmix,

  # for restore
  /{usr/,}bin/bash rmix,

  # for file-posix getting limits since 9103f1ce
  /sys/devices/**/block/*/queue/max_segments r,

  # for gathering information about available host resources
  /sys/devices/system/cpu/ r,
  /sys/devices/system/node/ r,
  /sys/devices/system/node/node[0-9]*/meminfo r,
  /sys/module/vhost/parameters/max_mem_regions r,

  # binary and its libs
  /snap/multipass/6904/usr/bin/qemu-system-x86_64 ixr,
  /snap/multipass/6904/{,usr/}lib/{,@{multiarch}/}{,**/}*.so* rm,

  # CLASSIC ONLY: need to specify required libs from core snap
  /{,var/lib/snapd/}snap/core18/*/{,usr/}lib/@{multiarch}/{,**/}*.so* rm,

  # Disk images
  /var/snap/multipass/common/data/multipassd/vault/instances/u2204/ubuntu-22.04-server-cloudimg-amd64.img rwk,  # QCow2 filesystem image
  /var/snap/multipass/common/data/multipassd/vault/instances/u2204/cloud-init-config.iso rk,   # cloud-init ISO
}

[2022-04-28T07:54:51.245] [debug] [u2204] process working dir '/snap/multipass/6904/qemu'
[2022-04-28T07:54:51.246] [info] [u2204] process program 'qemu-system-x86_64'
[2022-04-28T07:54:51.246] [info] [u2204] process arguments '--enable-kvm, -cpu, host, -nic, tap,ifname=tap-ac2cd339b44,script=no,downscript=no,model=virtio-net-pci,mac=52:54:00:9b:d8:e7, -device, virtio-scsi-pci,id=scsi0, -drive, file=/var/snap/multipass/common/data/multipassd/vault/instances/u2204/ubuntu-22.04-server-cloudimg-amd64.img,if=none,format=qcow2,discard=unmap,id=hda, -device, scsi-hd,drive=hda,bus=scsi0.0, -smp, 1, -m, 1024M, -qmp, stdio, -chardev, null,id=char0, -serial, chardev:char0, -nographic, -cdrom, /var/snap/multipass/common/data/multipassd/vault/instances/u2204/cloud-init-config.iso'
[2022-04-28T07:54:51.247] [debug] [qemu-system-x86_64] [106677] started: qemu-system-x86_64 -nographic -dump-vmstate /tmp/multipassd.urYDbs
[2022-04-28T07:54:51.276] [debug] [daemon] Applied AppArmor policy: multipass.u2204.qemu-system-x86_64
[2022-04-28T07:54:51.276] [info] [u2204] process state changed to Starting
[2022-04-28T07:54:51.278] [info] [u2204] process state changed to Running
[2022-04-28T07:54:51.278] [debug] [qemu-system-x86_64] [106683] started: qemu-system-x86_64 --enable-kvm -cpu host -nic tap,ifname=tap-ac2cd339b44,script=no,downscript=no,model=virtio-net-pci,mac=52:54:00:9b:d8:e7 -device virtio-scsi-pci,id=scsi0 -drive file=/var/snap/multipass/common/data/multipassd/vault/instances/u2204/ubuntu-22.04-server-cloudimg-amd64.img,if=none,format=qcow2,discard=unmap,id=hda -device scsi-hd,drive=hda,bus=scsi0.0 -smp 1 -m 1024M -qmp stdio -chardev null,id=char0 -serial chardev:char0 -nographic -cdrom /var/snap/multipass/common/data/multipassd/vault/instances/u2204/cloud-init-config.iso
[2022-04-28T07:54:51.278] [info] [u2204] process started
launch failed: The following errors occurred:
u2204: timed out waiting for response

journal logs:

Apr 28 07:54:51 system76 multipassd[101198]: Applied AppArmor policy: multipass.u2204.qemu-system-x86_64
Apr 28 07:54:51 system76 multipassd[101198]: process state changed to Starting
Apr 28 07:54:51 system76 multipassd[101198]: process state changed to Running
Apr 28 07:54:51 system76 multipassd[101198]: [106683] started: qemu-system-x86_64 --enable-kvm -cpu host -nic tap,ifname=tap-ac2cd339b44,script=no,downscript=no,model=virtio-net-pci,mac=52:54:00:9b:d8:e7 -device >
Apr 28 07:54:51 system76 multipassd[101198]: process started
Apr 28 07:54:51 system76 multipassd[101198]: Waiting for SSH to be up
Apr 28 07:54:51 system76 audit[106683]: AVC apparmor="DENIED" operation="open" profile="multipass.u2204.qemu-system-x86_64" name="/snap/multipass/6904/qemu/" pid=106683 comm="qemu-system-x86" requested_mask="r" d>
Apr 28 07:54:51 system76 audit[106683]: AVC apparmor="DENIED" operation="open" profile="multipass.u2204.qemu-system-x86_64" name="/sys/bus/nd/devices/" pid=106683 comm="qemu-system-x86" requested_mask="r" denied_>
Apr 28 07:54:51 system76 multipassd[101198]: QMP: {"QMP": {"version": {"qemu": {"micro": 1, "minor": 2, "major": 4}, "package": "Debian 1:4.2-3ubuntu6.21"}, "capabilities": ["oob"]}}
Apr 28 07:54:51 system76 kernel: IPv6: ADDRCONF(NETDEV_CHANGE): tap-ac2cd339b44: link becomes ready
Apr 28 07:54:51 system76 kernel: mpqemubr0: port 1(tap-ac2cd339b44) entered blocking state
Apr 28 07:54:51 system76 kernel: mpqemubr0: port 1(tap-ac2cd339b44) entered forwarding state

Additional info

OS:

Distributor ID: Pop
Description:    Pop!_OS 22.04 LTS
Release:        22.04
Codename:       jammy

multipass version

multipass   1.8.0
multipassd  1.8.0

multipass info --all

Name:           u2204
State:          Unknown
IPv4:           --
Release:        --
Image hash:     de5e632e17b8 (Ubuntu 22.04 LTS)
Load:           --
Disk usage:     --
Memory usage:   --
Mounts:         --

Apr 28 '22 05:04 maksimyugai

I am getting the same issue

Sep 26 '24 09:09 vishaldhiman86

Hi @vishaldhiman86, this issue is quite old and, since the problem is most likely tied to a particular setup, it would be good to know yours. Could you please open a new issue and fill in the info in the form? You can link back to this one for reference. Thanks.

Sep 26 '24 10:09 ricab