Hello, Am Donnerstag, 30. November 2017, 01:40:30 CET schrieb Jim Fehlig:
I finally got around to updating my TW machine. Rather than trying kernel 4.14.1, I immediately installed kernel 4.14.2-3.1.gb5596a5
Good choice ;-) - 4.14.0 and .1 have a "nice" bug.
The only problem I noticed was the following when shutting down a confined VM
type=AVC msg=audit(1512002299.742:131): apparmor="DENIED" operation="open" profile="libvirt-66154842-e926-4f92-92f0-1c1bf61dd1ff" name="/proc/1475/cmdline" pid=2958 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=469 ouid=0
Adding the following rule to the libvirt-qemu abstraction squelches the denial
@{PROC}/@{pid}/cmdline r,
Christian, do you think that rule is satisfactory? If so, I'll submit it upstream. Thanks!
Yes, this rule looks correct, so please submit it upstream ;-) Regards, Christian Boltz -- * tigerfoot [sarcastic mode] Didn't we remove *kit from 12.2 ? [/end mode] <simon123> tigerfoot: we will never get rid of *Kit, they will always invent another one :( [from #opensuse-project] -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org