[Bug 1070914] New: libvirt AppArmor profile
http://bugzilla.opensuse.org/show_bug.cgi?id=1070914 Bug ID: 1070914 Summary: libvirt AppArmor profile Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: openSUSE 42.2 Status: NEW Severity: Normal Priority: P5 - None Component: Virtualization:Other Assignee: jfehlig@suse.com Reporter: suse-beta@cboltz.de QA Contact: qa-bugs@suse.de Found By: Beta-Customer Blocker: --- After enabling security_default_confined in /etc/libvirt/qemu.conf, I see this AppArmor denial: type=AVC msg=audit(1512321742.432:6607): apparmor="DENIED" operation="open" profile="libvirt-ed0e8433-073f-4dfb-823c-e553399d21aa" name="/proc/21094/cmdline" pid=23579 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=297 ouid=0 Please add @{PROC}/@{pids}/cmdline r, to the profile template profile template to fix this. -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1070914 Christian Boltz <suse-beta@cboltz.de> changed: What |Removed |Added ---------------------------------------------------------------------------- Summary|libvirt AppArmor profile |libvirt-* AppArmor profile | |doesn't allow | |/proc/*/cmdline -- You are receiving this mail because: You are on the CC list for the bug.
http://bugzilla.opensuse.org/show_bug.cgi?id=1070914 http://bugzilla.opensuse.org/show_bug.cgi?id=1070914#c1 James Fehlig <jfehlig@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Status|NEW |RESOLVED Resolution|--- |FIXED --- Comment #1 from James Fehlig <jfehlig@suse.com> --- I committed the fix upstream just in time for 3.10.0 release. Submitted to Factory as SR#548220. -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@novell.com