Comment # 14 on bug 1125841 from
Unfortunately it fails between two lines; no meaningful info is there. In the
meantime I have examined the source code.

My problem comes from here
https://github.com/libvirt/libvirt/blob/600462834f4ec1955a9a48a1b6b4a390b9c31553/src/security/security_driver.c#L69
It calls probe on each item of array of externs: security_drivers.

Probe of apparmor driver is called AppArmorSecurityManagerProbe:
https://github.com/libvirt/libvirt/blob/d56afb8e3997ae19fd7449f773065a2b997dc7c1/src/security/security_apparmor.c#L347
It checks if TEMPLATE.qemu and TEMPLATE.lxc exist (both do as it does not print
error). Before that it checks for use_apparmor(), since later checks were not
even hit (they log errors and if they passed, then I wouldn't get my error),
this must be the culprit.

Now use_apparmor():
https://github.com/libvirt/libvirt/blob/d56afb8e3997ae19fd7449f773065a2b997dc7c1/src/security/security_apparmor.c#L241
First check (virResolveLink) is ok, because it does not print error. Next I
don't use lxc so no problem here. Next it can probably access
APPARMOR_PROFILES_PATH. Then it checks if libvirtd profile exists and is in
enforcing mode by calling profile_status(libvirt_daemon, 1).

Now profile_status(libvirt_daemon, 1):
https://github.com/libvirt/libvirt/blob/d56afb8e3997ae19fd7449f773065a2b997dc7c1/src/security/security_apparmor.c#L71
Manually evaluating the code seems to be ok. String building should not fail,
access to APPARMOR_PROFILES_PATH is ok, because it does not print error. The
libvirtd line is present and "(enforce)" is present next to it. So no problem
here either.

So I have started almighty strace and found that it passed readlink test,
access test just to fail after
https://github.com/libvirt/libvirt/blob/d56afb8e3997ae19fd7449f773065a2b997dc7c1/src/security/security_apparmor.c#L90
It must fail after that point, because it didn't log any error.
Unfortunately, this would mean that strstr failed for some reason... I'll try
to intercept c-library calls to check it out.
Also, I don't see any way how it could possibly work for you :/
