15 Apr
2023
15 Apr
'23
15:45
For testing purposes I have variants of upstream qemu, which are supposed to be started via upstream libvirt. Unfortunately, apparmor is denying executing these binaries: type=AVC msg=audit(N.N:N): apparmor="DENIED" operation="exec" profile="libvirtd" name="/usr/lib64/qemu-6.2/bin/qemu-system-x86_64" pid=3956 comm="rpc-libvirtd" requested_mask="x" denied_mask="x" fsuid=475 ouid=0 Apparently adding this to /etc/apparmor.d/abstractions/libvirt-qemu is not enough: /usr/lib64/qemu-6.2 r, /usr/lib64/qemu-6.2/bin r, /usr/lib64/qemu-6.2/bin/qemu-system-x86_64 rmix, What needs to be done to permit execution, except 'systemctl stop apparmor && aa-teardown'? Thanks, Olaf