I also added comments similar to the above apparmor entries into /etc/libvirt/qemu.conf
Code:
# ============= Start Change ============== #
cgroup_device_acl = [
"/dev/null", "/dev/full", "/dev/zero",
"/dev/random", "/dev/urandom",
"/dev/ptmx", "/dev/kvm", "/dev/kqemu",
"/dev/rtc","/dev/hpet", "/dev/vfio/vfio",
"/dev/vfio/1", "/dev/vfio/14", "/dev/vfio/15", "/dev/vfio/16", "/dev/vfio/17",
"/dev/shm", "/root/.config/pulse", "/dev/snd",
]
# ============= End Change ============== #
Plus some other possibilities
Code:
# Notes: The DAC security driver is always enabled; as a result, the
# value of security_driver cannot contain "dac". The value "none" is
# a special value; security_driver can be set to that value in
# isolation, but it cannot appear in a list of drivers.
#
#security_driver = "selinux"
# ============= Start Change ============== #
# Setting to None Didn't help me - might help you (I set mine back to apparmor)
#security_driver = "apparmor"
security_driver = "none"
# ============= End Change ============== #
Code:
# If set to non-zero, then attempts to create unconfined
# guests will be blocked. Defaults to 0.
# ============= Start Change ============== #
security_require_confined = 0
#security_require_confined = 1
# ============= End Change ============== #
If you're passing hardware through, this may also help
Code:
relaxed_acs_check = 1
Also in /etc/libvirt/qemu.conf you could set libvirt to run as root (not recommended, but you can do it - I have commented these out in my copy)
Code:
# ============= Start Change ============== #
user = "root"
# The group for QEMU processes run by the system instance. It can be
# specified in a similar way to user.
group = "root"
# ============= End Change ============== #
plus one or 2 other possibilities in the same file (you may not need all these, but I'll document them anyway)
Code:
hugetlbfs_mount = "/dev/hugepages"
Code:
clear_emulator_capabilities = 1
Code:
vnc_allow_host_audio = 1
Code:
nographics_allow_host_audio = 1
once again .. good luck
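An added example, not part of the original post: a small Python check that reads qemu.conf text and lists the settings discussed above that loosen guest confinement, so they can be reviewed once troubleshooting is done. The sample file content and the function names `parse_conf` and `audit` are constructed for illustration.

```python
import re

# Constructed sample mirroring the settings in the post, not a real host's file.
SAMPLE = '''
cgroup_device_acl = [
"/dev/null", "/dev/kvm", "/dev/vfio/vfio",
"/dev/shm", "/root/.config/pulse", "/dev/snd",
]
#security_driver = "apparmor"
security_driver = "none"
security_require_confined = 0
relaxed_acs_check = 1
user = "root"
group = "root"
'''

# key = "string" | integer | [ "list", ... ] starting at the beginning of a line
ASSIGN = re.compile(r'^(\w+)\s*=\s*(\[[^\]]*\]|"[^"]*"|\d+)', re.M)

def parse_conf(text):
    """Return active (uncommented) settings as str, int or list of str."""
    active = "\n".join(ln for ln in text.splitlines() if not ln.lstrip().startswith("#"))
    conf = {}
    for key, raw in ASSIGN.findall(active):
        if raw.startswith("["):
            conf[key] = re.findall(r'"([^"]*)"', raw)
        else:
            conf[key] = raw[1:-1] if raw.startswith('"') else int(raw)
    return conf

def audit(conf):
    """List settings that loosen guest confinement and deserve a review."""
    findings = []
    if conf.get("security_driver") == "none":
        findings.append("security_driver: no MAC driver (AppArmor/SELinux) confines guests")
    if conf.get("security_require_confined", 0) == 0:
        findings.append("security_require_confined: unconfined guests are not blocked")
    for key in ("user", "group"):
        if conf.get(key) in ("root", "+0"):
            findings.append(f"{key}: QEMU processes run as root")
    if conf.get("relaxed_acs_check") == 1:
        findings.append("relaxed_acs_check: PCI ACS check relaxed for passthrough")
    for path in conf.get("cgroup_device_acl", []):
        if not path.startswith("/dev/"):
            findings.append(f"cgroup_device_acl: {path} is not a /dev path")
    return findings

if __name__ == "__main__":
    print("\n".join("REVIEW " + f for f in audit(parse_conf(SAMPLE))))
```

To check a real host, pass the contents of /etc/libvirt/qemu.conf to `parse_conf` instead of `SAMPLE`.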