[Pkg-libvirt-maintainers] Bug#1076946: libvirt-daemon-system: Apparmor prevents /proc/sys/vm/max_map_count to be read

Laurent Bigonville bigon at debian.org
Wed Jul 24 14:39:12 BST 2024


Package: libvirt-daemon-system
Version: 10.5.0-1
Severity: normal

Hello,

When starting a VM, I get the following denial from apparmor:

type=AVC msg=audit(1721828131.241:1176): apparmor="DENIED" operation="open" class="file" profile="libvirt-6fde45f5-ff7e-4277-87b9-123a8aa30c7e" name="/proc/sys/vm/max_map_count" pid=149623 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0^]FSUID="libvirt-qemu" OUID="root"

Not sure what this breaks, but it must either be allowed or silenced.

Kind regards,
Laurent Bigonville


-- System Information:
Debian Release: trixie/sid
  APT prefers unstable-debug
  APT policy: (500, 'unstable-debug'), (500, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 6.9.10-amd64 (SMP w/12 CPU threads; PREEMPT)
Locale: LANG=fr_BE.UTF-8, LC_CTYPE=fr_BE.UTF-8 (charmap=UTF-8), LANGUAGE=fr_BE:fr
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages libvirt-daemon-system depends on:
ii  adduser                         3.137
ii  debconf [debconf-2.0]           1.5.87
ii  firewalld                       2.2.0-1
ii  gettext-base                    0.22.5-1
ii  iptables                        1.8.10-4
ii  libvirt-clients                 10.5.0-1
ii  libvirt-daemon                  10.5.0-1
ii  libvirt-daemon-config-network   10.5.0-1
ii  libvirt-daemon-config-nwfilter  10.5.0-1
ii  libvirt-daemon-system-systemd   10.5.0-1
ii  libvirt0                        10.5.0-1
ii  logrotate                       3.22.0-1
ii  polkitd                         124-3

Versions of packages libvirt-daemon-system recommends:
ii  dmidecode                    3.6-1
ii  dnsmasq-base [dnsmasq-base]  2.90-4
ii  iproute2                     6.10.0-1
ii  mdevctl                      1.3.0-2.1
ii  parted                       3.6-4

Versions of packages libvirt-daemon-system suggests:
ii  apparmor    3.1.7-1+b1
ii  auditd      1:3.1.2-4+b1
pn  nfs-common  <none>
pn  open-iscsi  <none>
pn  pm-utils    <none>
ii  systemd     256.2-1
pn  systemtap   <none>
pn  zfsutils    <none>

-- Configuration Files:
/etc/libvirt/qemu.conf [Errno 13] Permission non accordée: '/etc/libvirt/qemu.conf'

-- debconf information excluded
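
Added example (not part of the original report, and not libvirt or Debian code): a small Python parser that turns a denial like the one quoted above into the two rules the report asks to choose between, an allow rule and a `deny` rule that silences the log entry. The function names are made up for illustration, and which profile or abstraction file the rule belongs in is not stated in the report and is left open.

```python
import re

# Constructed sample: the denial from the report. "^]" is how the 0x1D byte that
# auditd puts before its enriched (uppercase) fields shows up in the archive.
SAMPLE = (
    'type=AVC msg=audit(1721828131.241:1176): apparmor="DENIED" operation="open" '
    'class="file" profile="libvirt-6fde45f5-ff7e-4277-87b9-123a8aa30c7e" '
    'name="/proc/sys/vm/max_map_count" pid=149623 comm="qemu-system-x86" '
    'requested_mask="r" denied_mask="r" fsuid=64055 ouid=0^]FSUID="libvirt-qemu" OUID="root"'
)

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')


def parse_denial(line):
    """Return the fields of one AppArmor DENIED record, or None for other lines."""
    raw = re.split(r'\x1d|\^\]', line, maxsplit=1)[0]  # drop the enriched suffix
    fields = {}
    for key, quoted, bare in FIELD.findall(raw):
        if bare and key in ('name', 'profile', 'comm') and HEX.fullmatch(bare):
            # audit writes strings with spaces or quotes as unquoted hex
            bare = bytes.fromhex(bare).decode('utf-8', 'replace')
        fields[key] = bare if bare else quoted
    return fields if fields.get('apparmor') == 'DENIED' else None


def candidate_rules(line):
    """Build the 'allow' and 'silence' rule for a denied read/write file access."""
    d = parse_denial(line)
    if d is None or d.get('class', 'file') != 'file' or 'name' not in d:
        return None
    mask = set(d.get('denied_mask', ''))
    if not mask or mask - set('rwcd'):
        return None  # exec, lock, link, mmap: left for a human to decide
    # log-only letters c (create) and d (delete) are granted by w in policy
    perms = ('r' if 'r' in mask else '') + ('w' if mask & set('wcd') else '')
    path = d['name']
    if re.search(r'[\s"]', path):  # such paths must be quoted in a profile
        path = '"' + path.replace('"', '\\"') + '"'
    return {
        'profile': d['profile'],
        'allow': f'{path} {perms},',
        'silence': f'deny {path} {perms},',  # deny rules are not logged
    }


if __name__ == '__main__':
    print(candidate_rules(SAMPLE))
```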

