https://bugzilla.novell.com/show_bug.cgi?id=848348 https://bugzilla.novell.com/show_bug.cgi?id=848348#c0 Summary: default apparmor profile blocks KVM networking Classification: openSUSE Product: openSUSE 13.1 Version: RC 1 Platform: Other OS/Version: Other Status: NEW Severity: Normal Priority: P5 - None Component: AppArmor AssignedTo: suse-beta@cboltz.de ReportedBy: dvosburg@suse.com QAContact: qa-bugs@suse.de CC: jfehlig@suse.com Found By: Field Engineer Blocker: --- Default apparmor profiles on 13.1 block the conf file used by dnsmasq for default KVM networking: 2013-10-30T09:47:08.776682-04:00 dpv-w530 kernel: [ 495.423541]
type=1400 audit(1383140828.774:44): apparmor="DENIED" operation="open" parent=1650 profile="/usr/sbin/dnsmasq" name="/var/lib/libvirt/dnsmasq/default.conf" pid=7253 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=65534
From Jim Fehlig (cc'd on this bug)
I've verified the following change to /etc/apparmor.d/usr.sbin.dnsmasq fixes the issue. --- usr.sbin.dnsmasq.orig 2013-10-30 15:18:28.392197903 +0000 +++ usr.sbin.dnsmasq 2013-10-30 15:19:20.844201068 +0000 @@ -46,6 +46,7 @@ /var/lib/libvirt/dnsmasq/ r, /var/lib/libvirt/dnsmasq/*.leases rw, /var/lib/libvirt/dnsmasq/*.hostsfile r, + /var/lib/libvirt/dnsmasq/*.conf r, # libvirt pid files for dnsmasq /{,var/}run/libvirt/network/ r, /etc/apparmor.d/usr.sbin.dnsmasq is owned by the apparmor-profiles package. -- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.