Package: libvirt-daemon-system Version: 3.5.0-1 Severity: important Tags: fixed-upstream Control: forwarded -1 https://www.redhat.com/archives/libvir-list/2017-July/msg00604.html
Hi, Debian is affected by a regression that affects how virt-aa-helper can update the .files AppArmor profile: https://www.redhat.com/archives/libvir-list/2017-July/msg00604.html This is supposedly fixed upstream in commit 5e515b542d7f0940396c74bf8f6cb337d5d0dcc5, that is included in 3.6.0. I'm reporting this here so that affected Debian users know what's going on. I'm happy to try again once 3.6.0 is uploaded to sid, feel free to close this bug in the 3.6.0-1 upload :) In my case, qemu-img info says: image: /var/lib/libvirt/images/tails-builder-amd64-jessie-20170729-9043b1ef44_default.img backing file: /var/lib/libvirt/images/tails-builder-amd64-jessie-20170729-9043b1ef44_vagrant_box_image_0.img The Journal says: AVC apparmor="DENIED" operation="open" profile="libvirt-f756c536-c6c3-4b5c-be95-2a7c2e39b06e" name="/var/lib/libvirt/images/tails-builder-amd64-jessie-20170729-9043b1ef44_vagrant_box_image_0.img" pid=22439 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=119 ouid=119 And indeed /etc/apparmor.d/libvirt/libvirt-f756c536-c6c3-4b5c-be95-2a7c2e39b06e.files has nothing about tails-builder-amd64-jessie-20170729-9043b1ef44_vagrant_box_image_0.img. Cheers, -- intrigeri