[pkg-apparmor] Bug#931470: In debian buster: apparmor denies sys_rawio capability from libvirtd which happens when using scsi disks
intrigeri
intrigeri at debian.org
Wed Jul 17 20:20:50 BST 2019
Control: reassign -1 libvirt-daemon-system
Control: tag -1 + moreinfo
Hi,
Katerina Koukiou:
> When trying to create VMs with disks on scsi apparmor will show
> warnings in journal.
> [...]
> The apparmor warning line from journal is the following:
> audit: type=1400 audit(1562337821.518:28): apparmor="DENIED"
> operation="capable" profile="/usr/sbin/libvirtd"
> pid=1611comm="libvirt_parthel" capability=17 capname="sys_rawio"
I'm reassigning this bug to the package that ships the faulty profile
(/etc/apparmor.d/usr.sbin.libvirtd).
I have no SCSI hardware handy so I'll need some help from you to
implement a fix and propose it upstream.
Please try this:
1. Add this line to /etc/apparmor.d/local/usr.sbin.libvirtd:

     capability sys_rawio,

2. Load the updated libvirtd profile:

     apparmor_parser -r /etc/apparmor.d/usr.sbin.libvirtd

3. Try to reproduce the bug.
Cheers,
--
intrigeri
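
An added example, not part of the original message and not code from the AppArmor or libvirt projects: a small Python parser that reads denial lines like the one quoted above and lists, for review, the capability rule and local override file each one corresponds to. The sample line is constructed from the quoted log, and the mapping from profile name to file name is the usual naming convention, assumed here.

```python
import re

# Constructed sample: the denial quoted in the report, joined onto one line,
# keeping the missing space between pid=1611 and comm= as it appears there.
SAMPLE = ('audit: type=1400 audit(1562337821.518:28): apparmor="DENIED" '
          'operation="capable" profile="/usr/sbin/libvirtd" '
          'pid=1611comm="libvirt_parthel" capability=17 capname="sys_rawio"')

# key="quoted value" or key=bare; a bare value also ends where the next
# key= begins, so fused fields such as pid=1611comm="..." still split.
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|([^\s"]+?)(?=\s|$|[a-z_]+=))')


def parse_denial(line):
    """Return the audit fields as a dict, or None if not an AppArmor denial."""
    fields = {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}
    return fields if fields.get("apparmor") == "DENIED" else None


def local_override_path(profile):
    # Assumption: path-attached profile whose file follows the usual naming
    # (leading slash dropped, other slashes become dots) and which includes
    # a matching file under /etc/apparmor.d/local/, as the message implies.
    return "/etc/apparmor.d/local/" + profile.strip("/").replace("/", ".")


def suggest_rules(lines):
    """Map each local override file to the capability rules denied for it."""
    suggestions = {}
    for line in lines:
        f = parse_denial(line)
        if not f or f.get("operation") != "capable":
            continue
        profile, capname = f.get("profile", ""), f.get("capname", "")
        # Only accept well-formed values: log content must never be copied
        # into a profile unchecked.
        if not profile.startswith("/") or not re.fullmatch(r"[a-z_]+", capname):
            continue
        rule = f"capability {capname},"
        suggestions.setdefault(local_override_path(profile), set()).add(rule)
    return suggestions


if __name__ == "__main__":
    # Rules are printed for review, not applied: each one widens the profile.
    for path, rules in suggest_rules([SAMPLE]).items():
        for rule in sorted(rules):
            print(f"{path}: {rule}")
```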