[pkg-apparmor] Bug#878203: Bug#878203: Bug#878203: AA breaks libvirt when running with kernel 4.13
Christian Boltz
debian-bugs at cboltz.de
Wed Oct 11 11:06:19 UTC 2017
Hello,
there were some more profile changes done - first in openSUSE [1], but
AFAIK they were already upstreamed.
I had a quick look at the log - most denials are fixed with the latest
upstream profile, so I'd recommend to grab that one.
I noticed one denial that probably isn't covered by the upstream profile
yet:
apparmor="DENIED" operation="open" profile="libvirt-c6ae5f8d-
e017-484d-9176-96b0e079c66d" name="/proc/726/cmdline" pid=6188
comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=114
ouid=0
That translates to
/@{PROC}/@{pids}/cmdline r,
and should probably go into abstractions/libvirt-qemu
Regards,
Christian Boltz
[1] https://bugzilla.opensuse.org/show_bug.cgi?id=1058847 and
https://bugzilla.opensuse.org/show_bug.cgi?id=1060860
--
In asynchron-verteilten Umgebungen mußt Du gegen jede einzelne Regel
Deiner Datenbankvorlesung verstoßen. [Kris Köhntopp]
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part.
URL: <http://lists.alioth.debian.org/pipermail/pkg-apparmor-team/attachments/20171011/2656bfd3/attachment-0002.sig>
More information about the pkg-apparmor-team
mailing list