Mailinglist Archive: opensuse-factory (765 mails)

< Previous Next >
Re: [opensuse-factory] apparmor, kernel 4.14 and libvirtd

Am Donnerstag, 30. November 2017, 01:40:30 CET schrieb Jim Fehlig:
I finally got around to updating my TW machine. Rather than trying
kernel 4.14.1, I immediately installed kernel 4.14.2-3.1.gb5596a5

Good choice ;-) - 4.14.0 and .1 have a "nice" bug.

The only problem I noticed was the following when shutting down a
confined VM

type=AVC msg=audit(1512002299.742:131): apparmor="DENIED"
name="/proc/1475/cmdline" pid=2958 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=469 ouid=0

Adding the following rule to the libvirt-qemu abstraction squelches
the denial

@{PROC}/@{pid}/cmdline r,

Christian, do you think that rule is satisfactory? If so, I'll submit
it upstream. Thanks!

Yes, this rule looks correct, so please submit it upstream ;-)


Christian Boltz
* tigerfoot [sarcastic mode] Didn't we remove *kit from 12.2 ? [/end
<simon123> tigerfoot: we will never get rid of *Kit, they will always
invent another one :(
[from #opensuse-project]

To unsubscribe, e-mail: opensuse-factory+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-factory+owner@xxxxxxxxxxxx

< Previous Next >