Comment # 9 on bug 1202191 from 
(In reply to James Fehlig from comment #8)
> (In reply to Andy Millman from comment #7)

> > type=AVC msg=audit(1660069242.885:1229): apparmor="DENIED"
> > operation="file_mmap" profile="dnsmasq//libvirt_leaseshelper"
> > name="/usr/libexec/libvirt_leaseshelper" pid=7328 comm="libvirt_leasesh"
> > requested_mask="r" denied_mask="r" fsuid=0 ouid=0

This is bug 1202161 - and already fixed (IIRC it's already in the latest
Tumbleweed snapshot).

> > type=ANOM_ABEND msg=audit(1660069242.885:1230): auid=4294967295 uid=0 gid=0
> > ses=4294967295 subj==dnsmasq//libvirt_leaseshelper (enforce) pid=7328
> > comm="libvirt_leasesh" exe="/usr/libexec/libvirt_leaseshelper" sig=11 res=1

That's a follow-up problem of the previous denial.

> I think we need help from an apparmor maintainer to properly decipher these
> messages. But they should be unrelated to your problem of "error : cannot
> execute binary /usr/libexec/virt-aa-helper: Permission denied".

Most boring question first: Do you have *.rpmnew files in /etc/apparmor.d/
(especially for dnsmasq or *virt*)? If so, please rename them (remove the
'.rpmnew' part, overwriting the old existing profile - doing a diff first never
hurts).

If you still see problems, please check your audit.log for more DENIED lines.

You are receiving this mail because: