[pkg-apparmor] Bug#979964: Apparmor bpf and perfmon capname denial when creating a libvirt VM

intrigeri intrigeri at debian.org
Fri Jan 15 09:36:27 GMT 2021


Control: reassign -1 libvirt-daemon-system

Hi,

Simon Kobyda (2021-01-12):
> Jan 12 11:16:09 debian kernel: [   19.500732] audit: type=1400
> audit(1610450169.308:29): apparmor="DENIED" operation="capable"
> profile="libvirtd" pid=1931 comm="rpc-worker"
> capability=39  capname="bpf"
> Jan 12 11:16:09 debian kernel: [   19.503459] audit: type=1400
> audit(1610450169.312:30): apparmor="DENIED" operation="capable"
> profile="libvirtd" pid=1931 comm="rpc-worker"
> capability=38  capname="perfmon"

Thanks for reporting this! I can reproduce it on my sid system.

I suppose the fix would be to add these 2 lines to the libvirtd
profile:

  capability bpf,
  capability perfmon,

So I'm reassigning to the package that ships
/etc/apparmor.d/usr.sbin.libvirtd.

Please let me know if I got it wrong and there's something I can do
to help in src:apparmor :)
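
Added example, not part of the original message or of any Debian package: a small Python parser that reads AppArmor audit records like the two quoted above, keeps only denied `operation="capable"` events, and prints the matching `capability` rules per profile. The sample input is the two quoted records rejoined onto one line each; the function names are made up for this illustration.

```python
import re
from collections import defaultdict

# Sample input: the two denials quoted in the report, rejoined onto one line
# each (the mail wrapped them). Everything else here is illustrative.
SAMPLE_LOG = """\
Jan 12 11:16:09 debian kernel: [   19.500732] audit: type=1400 audit(1610450169.308:29): apparmor="DENIED" operation="capable" profile="libvirtd" pid=1931 comm="rpc-worker" capability=39  capname="bpf"
Jan 12 11:16:09 debian kernel: [   19.503459] audit: type=1400 audit(1610450169.312:30): apparmor="DENIED" operation="capable" profile="libvirtd" pid=1931 comm="rpc-worker" capability=38  capname="perfmon"
"""

# key=value or key="value" pairs as they appear in the audit record
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
# Only plain lowercase identifiers are turned into rules; anything else in a
# capname field is dropped rather than copied into a profile.
CAPNAME_RE = re.compile(r"^[a-z][a-z0-9_]*$")


def parse_fields(line):
    """Return the key/value pairs of one audit record as a dict."""
    return {k: (q if q else u) for k, q, u in FIELD_RE.findall(line)}


def denied_capabilities(log_text):
    """Map profile name -> sorted list of capability names denied for it."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("apparmor") != "DENIED" or f.get("operation") != "capable":
            continue  # file, network, ... denials need other rule types
        cap = f.get("capname", "")
        if "profile" in f and CAPNAME_RE.match(cap):
            denied[f["profile"]].add(cap)
    return {p: sorted(c) for p, c in denied.items()}


def profile_rules(caps):
    """Format capability names as AppArmor profile rules."""
    return [f"  capability {c}," for c in caps]


if __name__ == "__main__":
    # The output is a candidate list to review, not to apply blindly.
    for profile, caps in denied_capabilities(SAMPLE_LOG).items():
        print(f"# profile {profile}")
        print("\n".join(profile_rules(caps)))
```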


