https://bugzilla.novell.com/show_bug.cgi?id=666090
https://bugzilla.novell.com/show_bug.cgi?id=666090#c1
Jeff Mahoney changed:
What         |Removed |Added
----------------------------------------------------------------------------
Status       |NEW     |NEEDINFO
CC           |        |jfehlig@novell.com
InfoProvider |        |jfehlig@novell.com
--- Comment #1 from Jeff Mahoney 2011-01-21 13:46:32 UTC ---
What should the syslog message say? The caller doesn't get a specific error
code indicating that the failure was a UNIX permission failure, an ACL
permission failure, or an LSM permission failure.
Look in /var/log/audit/audit.log -- that's where the LSM failures go, not
syslog.
libvirt is starting up dnsmasq and putting its pid files in its own directory.
That's fine but not what the profile is expecting since dnsmasq puts its pid
files in /var/run/*dnsmasq*.pid. This is an issue with AppArmor every time an
application allows the user to specify an arbitrary file to write. It can
change based on what other process calls the application.
This can be solved in a few ways.
1) Update the usr.sbin.dnsmasq profile to allow /var/run/libvirt/network/*.pid
2) Update libvirt to place the pid file in
/var/run/libvirt-dnsmasq-$network.pid
3) Another option is to update the dnsmasq profile to allow /var/run/**.pid but
that gives it the ability to overwrite any other pid files.
Jim, what's your opinion here?
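The following is an added example, not part of the original comment and not libvirt or AppArmor code: it pulls the dnsmasq denials out of audit.log-style lines and shows which pid-file paths each rule discussed above would admit. The log lines, the probe paths, the function names and the simplified wildcard model (`*` stays inside one path component, `**` crosses `/`) are assumptions made for illustration; the "existing" rule is assumed to be the `/var/run/*dnsmasq*.pid` pattern the comment attributes to the stock profile.

```python
import re

# Constructed audit.log lines in AppArmor's key="value" style (not from the bug report).
SAMPLE_AUDIT_LOG = """\
type=AVC msg=audit(1295617592.101:41): apparmor="DENIED" operation="mknod" parent=1 profile="/usr/sbin/dnsmasq" name="/var/run/libvirt/network/default.pid" pid=4021 comm="dnsmasq" requested_mask="c" denied_mask="c" fsuid=0 ouid=0
type=AVC msg=audit(1295617593.220:42): apparmor="DENIED" operation="open" parent=1 profile="/usr/sbin/ntpd" name="/etc/ntp.keys" pid=4100 comm="ntpd" requested_mask="r" denied_mask="r" fsuid=74 ouid=0
type=AVC msg=audit(1295617594.007:43): apparmor="STATUS" operation="profile_load" name="/usr/sbin/dnsmasq" pid=4150 comm="apparmor_parser"
"""

# Rules under discussion. "existing" is assumed to be the stock profile's pid rule,
# which is what option 2's renamed pid file would have to match.
RULES = {
    "option 1": "/var/run/libvirt/network/*.pid",
    "existing (option 2)": "/var/run/*dnsmasq*.pid",
    "option 3": "/var/run/**.pid",
}

# Probe paths: the denied file, option 2's name with $network=default, and a
# constructed pid file belonging to an unrelated daemon.
PROBES = [
    "/var/run/libvirt/network/default.pid",
    "/var/run/libvirt-dnsmasq-default.pid",
    "/var/run/sshd.pid",
]

def denied_paths(log_text, profile):
    """Return the file names AppArmor denied for one profile."""
    paths = []
    for line in log_text.splitlines():
        fields = dict(re.findall(r'(\w+)="([^"]*)"', line))
        if fields.get("apparmor") == "DENIED" and fields.get("profile") == profile:
            paths.append(fields.get("name", ""))
    return paths

def glob_to_regex(glob):
    """Simplified AppArmor wildcards: '*' excludes '/', '**' includes it."""
    parts = re.split(r"(\*\*|\*)", glob)
    return re.compile("".join(
        ".*" if p == "**" else "[^/]*" if p == "*" else re.escape(p) for p in parts))

def coverage(rules, paths):
    """Map each rule label to the probe paths it would admit."""
    return {label: [p for p in paths if glob_to_regex(g).fullmatch(p)]
            for label, g in rules.items()}

if __name__ == "__main__":
    print(denied_paths(SAMPLE_AUDIT_LOG, "/usr/sbin/dnsmasq"))
    for label, hits in coverage(RULES, PROBES).items():
        print(f"{label:20} {hits}")
```

Option 1 and the existing pattern each admit exactly one probe path, while option 3 also admits the unrelated daemon's pid file, which is the overwrite exposure the comment points out.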