[Pkg-libvirt-maintainers] Bug#786650: virt-aa-helper: incomplete apparmor profile

Luke Faraone lfaraone at debian.org
Sun May 24 00:14:48 UTC 2015 

Package: libvirt-daemon-system
Version: 1.2.9-9
Severity: normal
File: /etc/apparmor.d/libvirt/TEMPLATE.qemu
Tags: patch

On attempting to create a new virtual machine with KVM:

May 23 23:26:39 aqua kernel: [  318.993668] audit: type=1400
audit(1432423599.343:63): apparmor="DENIED" operation="open"
profile="/usr/lib/libvirt/virt-aa-helper" name="/etc/libnl-3/classid" pid=2499
comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 23 23:26:39 aqua kernel: [  318.995946] audit: type=1400
audit(1432423599.343:64): apparmor="DENIED" operation="open"
profile="/usr/lib/libvirt/virt-aa-helper" name="/dev/dm-7" pid=2499 comm="virt-
aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
May 23 23:26:39 aqua libvirtd[1130]: internal error: cannot load AppArmor
profile 'libvirt-68bf0174-32b3-498e-b55d-80fdc2b5fee9'

This can be solved by applying the attached patch to
/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper

-- System Information:
Debian Release: 8.0
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_GB.UTF-8, LC_CTYPE=en_GB.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libvirt-daemon-system depends on:
ii  adduser              3.113+nmu3
ii  gettext-base         0.19.3-2
ii  init-system-helpers  1.22
ii  libapparmor1         2.9.0-3
ii  libaudit1            1:2.4-1+b1
ii  libavahi-client3     0.6.31-5
ii  libavahi-common3     0.6.31-5
ii  libblkid1            2.25.2-6
ii  libc6                2.19-18
ii  libcap-ng0           0.7.4-2
ii  libdbus-1-3          1.8.16-1
ii  libdevmapper1.02.1   2:1.02.90-2.2
ii  libgnutls-deb0-28    3.3.8-6
ii  libnl-3-200          3.2.24-2
ii  libnl-route-3-200    3.2.24-2
ii  libnuma1             2.0.10-1
ii  librados2            0.80.7-2
ii  librbd1              0.80.7-2
ii  libsasl2-2           2.1.26.dfsg1-13
ii  libselinux1          2.3-2
ii  libssh2-1            1.4.3-4.1
ii  libsystemd0          215-17
ii  libvirt-clients      1.2.9-9
ii  libvirt-daemon       1.2.9-9
ii  libvirt0             1.2.9-9
ii  libxml2              2.9.1+dfsg1-5
ii  libyajl2             2.1.0-2
ii  logrotate            3.8.7-1+b1
ii  policykit-1          0.105-8

Versions of packages libvirt-daemon-system recommends:
ii  bridge-utils  1.5-9
ii  dmidecode     2.12-3
ii  dnsmasq-base  2.72-3+deb8u1
ii  ebtables      2.0.10.4-3
ii  iproute2      3.16.0-2
ii  iptables      1.4.21-2+b1
ii  parted        3.2-7
ii  pm-utils      1.4.1-15

Versions of packages libvirt-daemon-system suggests:
ii  apparmor   2.9.0-3
pn  auditd     <none>
pn  radvd      <none>
ii  systemd    215-17
pn  systemtap  <none>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: usr.lib.libvirt.virt-aa-helper.diff
Type: text/x-diff
Size: 769 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-libvirt-maintainers/attachments/20150524/5c625a0c/attachment.diff>

More information about the Pkg-libvirt-maintainers mailing list