i haven't done a lot of work with apparmor. do you remember turning it off or disabling it at all?
Aug 27 22:16:49 chromarietto systemd[1]: apparmor.service - Load AppArmor profiles was skipped because of an unmet condition check (ConditionSecurity=apparmor).
understood. my point was more along the lines of do you have a package to replace all of those since they seem to be helpful or necessary.
I can't do it like that. There is a reason why I have recompiled everything from source code.
<action id="org.libvirt.unix.manage">
<description>Manage local virtualized systems</description>
<message>System policy prevents management of local virtualized systems</message>
<defaults>
<!-- Any program can use libvirt in read/write mode if they
provide the root password -->
<allow_any>auth_admin_keep</allow_any>
<allow_inactive>auth_admin_keep</allow_inactive>
<allow_active>auth_admin_keep</allow_active>
</defaults>
</action>
<action id="org.libvirt.unix.manage">
<description>Manage local virtualized systems</description>
<message>System policy prevents management of local virtualized systems</message>
<defaults>
<!-- Any program can use libvirt in read/write mode if they
provide the root password -->
<allow_any>yes</allow_any>
<allow_inactive>yes</allow_inactive>
<allow_active>yes</allow_active>
</defaults>
</action>
sudo virsh net-info default
sudo virsh net-start default
Error starting network 'default': internal error:
Failed to apply firewall rules /usr/sbin/iptables -w --table mangle --list-rules: iptables v1.8.9 (legacy):
can't initialize iptables table `mangle': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
Traceback (most recent call last):
File "/usr/local/share/virt-manager/virtManager/asyncjob.py", line 71, in cb_wrapper
callback(asyncjob, *args, **kwargs)
File "/usr/local/share/virt-manager/virtManager/asyncjob.py", line 107, in tmpcb
callback(*args, **kwargs)
File "/usr/local/share/virt-manager/virtManager/object/libvirtobject.py", line 57, in newfn
ret = fn(self, *args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/local/share/virt-manager/virtManager/object/network.py", line 69, in start
self._backend.create()
File "/usr/lib/python3/dist-packages/libvirt.py", line 3547, in create
raise libvirtError('virNetworkCreate() failed')
libvirt.libvirtError: internal error: Failed to apply firewall rules /usr/sbin/iptables -w --table mangle --list-rules: iptables v1.8.9 (legacy): can't initialize iptables table `mangle': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
apt list '*iptables*' -i
Listing... Done
iptables/stable,now 1.8.9-2 amd64 [installed,automatic]
lsmod | grep ip
ipt_REJECT 16384 2
nf_reject_ipv4 16384 1 ipt_REJECT
nf_defrag_ipv6 24576 1 nf_conntrack
nf_defrag_ipv4 16384 1 nf_conntrack
ip_tables 36864 0
x_tables 61440 7 xt_conntrack,nft_compat,xt_tcpudp,xt_CHECKSUM,ipt_REJECT,ip_tables,xt_MASQUERADE
multipath 20480 0
md_mod 192512 6 raid1,raid10,raid0,linear,raid456,multipath
/sbin/modinfo ip_tables
filename: /lib/modules/6.1.0-10-amd64/kernel/net/ipv4/netfilter/ip_tables.ko
alias: ipt_icmp
description: IPv4 packet filter
author: Netfilter Core Team <[email protected]>
license: GPL
depends: x_tables
retpoline: Y
intree: Y
name: ip_tables
i mean if you're feeling bold (and i would have a solid backup just in case), you could try running that command manually to see if it makes a difference.
Failed to apply firewall rules /usr/sbin/iptables -w --table mangle --list-rules
deb12xfce@deb12xfce ~ [4]> sudo /usr/sbin/iptables -w --table mangle --list-rules
[sudo] password for deb12xfce:
-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-N LIBVIRT_PRT
-A POSTROUTING -j LIBVIRT_PRT
-A LIBVIRT_PRT -o virbr1 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
those were listed in the installed packages. some info about them:
libvirt-daemon-config-network libvirt-daemon-config-nwfilter
apt show libvirt-daemon-config-network libvirt-daemon-config-nwfilter
Package: libvirt-daemon-config-network
Version: 9.0.0-4
Priority: optional
Section: admin
Source: libvirt
Maintainer: Debian Libvirt Maintainers <[email protected]>
Installed-Size: 43.0 kB
Breaks: libvirt-daemon-system (<< 6.9.0-2~)
Replaces: libvirt-daemon-system (<< 6.9.0-2~)
Homepage: https://libvirt.org/
Download-Size: 16.7 kB
APT-Manual-Installed: no
APT-Sources: http://deb.debian.org/debian bookworm/main amd64 Packages
Description: Libvirt daemon configuration files (default network)
Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). The library aims at providing
a long term stable C API for different virtualization mechanisms. It currently
supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox.
.
This package contains the configuration for the 'default' libvirt network.
Package: libvirt-daemon-config-nwfilter
Version: 9.0.0-4
Priority: optional
Section: admin
Source: libvirt
Maintainer: Debian Libvirt Maintainers <[email protected]>
Installed-Size: 68.6 kB
Breaks: libvirt-daemon-system (<< 6.9.0-2~)
Replaces: libvirt-daemon-system (<< 6.9.0-2~)
Homepage: https://libvirt.org/
Download-Size: 19.4 kB
APT-Manual-Installed: no
APT-Sources: http://deb.debian.org/debian bookworm/main amd64 Packages
Description: Libvirt daemon configuration files (default network filters)
Libvirt is a C toolkit to interact with the virtualization capabilities
of recent versions of Linux (and other OSes). The library aims at providing
a long term stable C API for different virtualization mechanisms. It currently
supports QEMU, KVM, XEN, OpenVZ, LXC, and VirtualBox.
.
This package contains the configuration for the default set of nwfilters.
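Added example (not from the thread, and not libvirt or polkit code): a check for the change shown in the two `org.libvirt.unix.manage` blocks earlier in the thread, where all three defaults go from `auth_admin_keep` to `yes`, so managing libvirt no longer asks for any authentication. The `<policyconfig>` wrapper, the sample strings and the function names are constructed for illustration; a missing scope is treated as `no`, which is an assumption of this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the action from the thread, wrapped in a <policyconfig>
# root the way a polkit .policy file holds it.
BEFORE = """<policyconfig>
  <action id="org.libvirt.unix.manage">
    <defaults>
      <allow_any>auth_admin_keep</allow_any>
      <allow_inactive>auth_admin_keep</allow_inactive>
      <allow_active>auth_admin_keep</allow_active>
    </defaults>
  </action>
</policyconfig>"""
AFTER = BEFORE.replace("auth_admin_keep", "yes")  # the edited version

# polkit implicit-authorization values, ranked from strictest to loosest.
RANK = {"no": 0, "auth_admin": 1, "auth_admin_keep": 1,
        "auth_self": 2, "auth_self_keep": 2, "yes": 3}
SCOPES = ("allow_any", "allow_inactive", "allow_active")


def read_defaults(policy_xml):
    """Return {action_id: {scope: value}}; a missing scope counts as 'no'
    (assumption of this example)."""
    out = {}
    for action in ET.fromstring(policy_xml).iter("action"):
        d = action.find("defaults")
        out[action.get("id")] = {
            s: ((d.findtext(s) if d is not None else None) or "no").strip()
            for s in SCOPES}
    return out


def unauthenticated(policy_xml):
    """List (action_id, scope) pairs granted with no authentication at all."""
    return [(aid, s) for aid, d in read_defaults(policy_xml).items()
            for s in SCOPES if d[s] == "yes"]


def loosened(old_xml, new_xml):
    """List (action_id, scope, old, new) where the new policy demands less.
    An unknown value raises KeyError, i.e. the policy is malformed."""
    old, new = read_defaults(old_xml), read_defaults(new_xml)
    return [(aid, s, old[aid][s], new[aid][s])
            for aid in new if aid in old for s in SCOPES
            if RANK[new[aid][s]] > RANK[old[aid][s]]]


if __name__ == "__main__":
    for finding in loosened(BEFORE, AFTER):
        print("loosened:", *finding)
```
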