[pkg-apparmor] Bug#847370: Recent apparmor broke "virsh lxc-enter"

Guido Günther agx at sigxcpu.org
Wed Dec 7 16:05:33 UTC 2016 

Package: apparmor
Version: 2.10.95-7
Severity: normal

Hi,
running

    debian/tests/smoke-lxc

from

    https://anonscm.debian.org/cgit/pkg-libvirt/libvirt.git/tree/debian/tests/smoke-lxc

shows a:

    …
    + virsh lxc-enter-namespace --noseclabel sl /bin/ls /bin/ls
    libvirt:  error : Expected at least one file descriptor
    error: internal error: Child process (2714) unexpected exit status 125
    …

and in dmesg I have

    [   53.910080] audit_printk_skb: 12 callbacks suppressed
    [   53.910082] audit: type=1400 audit(1481125685.045:103): apparmor="DENIED" operation="getattr" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/libvirtd" name="" pid=1353 comm="libvirtd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
    [   53.933255] audit: type=1400 audit(1481125685.069:104): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/libvirtd" name="" pid=1422 comm="libvirtd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
    [   53.933267] audit: type=1400 audit(1481125685.069:105): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/libvirtd" name="" pid=1422 comm="libvirtd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
    [   53.933274] audit: type=1400 audit(1481125685.069:106): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/libvirtd" name="" pid=1422 comm="libvirtd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
    [   53.933282] audit: type=1400 audit(1481125685.069:107): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/libvirtd" name="" pid=1422 comm="libvirtd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
    [   53.933290] audit: type=1400 audit(1481125685.069:108): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/libvirtd" name="" pid=1422 comm="libvirtd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
    [   53.933297] audit: type=1400 audit(1481125685.069:109): apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/libvirtd" name="" pid=1422 comm="libvirtd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

This looks lke a regression and I'm pretty sure libvirt didn't change in
between. I will have a closer look somewhen but wanted to file this here
in case this rings a bell.
Cheers,
 -- Guido

-- System Information:
Debian Release: stretch/sid
  APT prefers testing
  APT policy: (990, 'testing'), (500, 'stable-updates'), (500, 'unstable'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.8.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages apparmor depends on:
ii  debconf [debconf-2.0]  1.5.59
ii  init-system-helpers    1.46
ii  libapparmor-perl       2.10.95-6
ii  libc6                  2.24-5
ii  lsb-base               9.20161101
pn  python3:any            <none>

apparmor recommends no packages.

Versions of packages apparmor suggests:
pn  apparmor-docs            <none>
ii  apparmor-profiles        2.10.95-7
ii  apparmor-profiles-extra  1.10
ii  apparmor-utils           2.10.95-6

-- debconf information:
  apparmor/homedirs:

More information about the pkg-apparmor-team mailing list