James Fehlig changed bug 1202191
What Removed Added
CC   suse-beta@cboltz.de

Comment # 8 on bug 1202191 from 
(In reply to Andy Millman from comment #7)
> Weird. One other person on reddit has reported this bug, so I know it's not
> just me. But on the other hand I would have expected more people to have
> reported this, so possibly only affecting some users?

I suppose. Let's try to figure out what is different between our setups. My TW
is a minimal installation via autoyast. I have the following apparmor packages
installed

libapparmor1-3.0.6-1.1.x86_64
apparmor-abstractions-3.0.6-1.1.noarch
apparmor-parser-3.0.6-1.1.x86_64
apparmor-profiles-3.0.6-2.1.noarch

And with VM confinement enabled in /etc/libvirt/qemu.conf and one VM running,
the output of apparmor_status

apparmor module is loaded.
61 profiles are loaded.
61 profiles are in enforce mode.
   /usr/bin/lessopen.sh
   apache2
   apache2//DEFAULT_URI
   apache2//HANDLING_UNTRUSTED_INPUT
   apache2//phpsysinfo
   avahi-daemon
   dnsmasq
   dnsmasq//libvirt_leaseshelper
   dovecot
   dovecot-anvil
   dovecot-auth
   dovecot-config
   dovecot-deliver
   dovecot-dict
   dovecot-dovecot-auth
   dovecot-dovecot-lda
   dovecot-dovecot-lda//sendmail
   dovecot-imap
   dovecot-imap-login
   dovecot-lmtp
   dovecot-log
   dovecot-managesieve
   dovecot-managesieve-login
   dovecot-pop3
   dovecot-pop3-login
   dovecot-script-login
   dovecot-ssl-params
   dovecot-stats
   identd
   klogd
   libvirt-f25e648e-1e3e-4316-8702-ae3cbf6aded0
   libvirtd
   libvirtd//qemu_bridge_helper
   lsb_release
   mdnsd
   nmbd
   nscd
   ntpd
   nvidia_modprobe
   nvidia_modprobe//kmod
   php-fpm
   ping
   samba-bgqd
   samba-dcerpcd
   samba-rpcd
   samba-rpcd-classic
   samba-rpcd-spoolss
   smbd
   smbldap-useradd
   smbldap-useradd///etc/init.d/nscd
   syslog-ng
   syslogd
   traceroute
   virt-aa-helper
   virtqemud
   virtqemud//qemu_bridge_helper
   virtxend
   winbindd
   zgrep
   zgrep//helper
   zgrep//sed
0 profiles are in complain mode.
0 profiles are in kill mode.
0 profiles are in unconfined mode.
2 processes have profiles defined.
2 processes are in enforce mode.
   /usr/bin/qemu-system-x86_64 (2258)
libvirt-f25e648e-1e3e-4316-8702-ae3cbf6aded0
   /usr/sbin/libvirtd (2182) libvirtd
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
0 processes are in kill mode.

> type=AVC msg=audit(1660069242.885:1229): apparmor="DENIED"
> operation="file_mmap" profile="dnsmasq//libvirt_leaseshelper"
> name="/usr/libexec/libvirt_leaseshelper" pid=7328 comm="libvirt_leasesh"
> requested_mask="r" denied_mask="r" fsuid=0 ouid=0
> type=ANOM_ABEND msg=audit(1660069242.885:1230): auid=4294967295 uid=0 gid=0
> ses=4294967295 subj==dnsmasq//libvirt_leaseshelper (enforce) pid=7328
> comm="libvirt_leasesh" exe="/usr/libexec/libvirt_leaseshelper" sig=11 res=1

I think we need help from an apparmor maintainer to properly decipher these
messages. But they should be unrelated to your problem of "error : cannot
execute binary /usr/libexec/virt-aa-helper: Permission denied". FTR

# ll /usr/libexec/virt-aa-helper
-rwxr-xr-x 1 root root 39616 Aug  4 06:21 /usr/libexec/virt-aa-helper

You are receiving this mail because: