[pkg-apparmor] Bug#878203: Bug#878203: AA breaks libvirt when running with kernel 4.13

[Michael Biebl]

Am 11.10.2017 um 13:06 schrieb Christian Boltz:
> I noticed one denial that probably isn't covered by the upstream profile 
> yet:
> 
> apparmor="DENIED" operation="open" profile="libvirt-c6ae5f8d-
> e017-484d-9176-96b0e079c66d" name="/proc/726/cmdline" pid=6188 
> comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=114 
> ouid=0
> 
> That translates to
>     /@{PROC}/@{pids}/cmdline r,
> and should probably go into abstractions/libvirt-qemu



I was pointed at https://bugs.debian.org/877926

Updating libvirt to 3.8.0-1 from experimental fixed the immediate issue
for me, i.e. the libvirt instances start again.

I'm not sure whether to merge these two bug reports now, or we keep this
one open and deal with the remaining denial(s) (the severity should
probably be downgraded in this case as it doesn't seem to cause any
noticeable issues).

After updating to libvirt 3.8.0-1 I still the get following DENIAL when
shutting down a libvirt/KVM instance:

> 2017-10-11T14:43:54.683220+02:00 pluto kernel: [  355.112941] audit:
type=1400 audit(1507725834.681:55): apparmor="DENIED" operation="open"
profile="libvirt-4e5a8920-a2a1-4c6b-b7f1-528c20878cdd"
name="/proc/684/cmdline" pid=3154 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=114 ouid=0


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-apparmor-team/attachments/20171011/711b4eb0/attachment-0001.sig>