[Bug 1610368] Re: qemu-system-x86_64 read acces DENIED in apparmor
*** This bug is a duplicate of bug 1552241 ***
    https://bugs.launchpad.net/bugs/1552241

Hi,
getting to my attention now due to the drop of upstream qemu.
This is actually a dup of bug 1552241

TL;DR:
- yes it is an issue
- the /run/udev/data/* blanket is considered "too open"
- a correct fix needs some serious development in virt-aa-helper
- until this is done upstream users who want to opt-in need to opt-in (to get functionality but also unsafety) by making the profile less restrictive in /etc/apparmor.d/abstractions/libvirt-qemu

** This bug has been marked a duplicate of bug 1552241
   libvirt-bin apparmor settings for usb host device

--
You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1610368

Title:
  qemu-system-x86_64 read acces DENIED in apparmor

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1610368/+subscriptions

--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

[Bug 1610368] Re: qemu-system-x86_64 read acces DENIED in apparmor
** No longer affects: qemu

[Bug 1610368] Re: qemu-system-x86_64 read acces DENIED in apparmor
** Also affects: qemu
   Importance: Undecided
       Status: New

[Bug 1610368] Re: qemu-system-x86_64 read acces DENIED in apparmor
Looking at the contents of those files, I think giving libvirt vms read access by default to all of them should be safe.

[Bug 1610368] Re: qemu-system-x86_64 read acces DENIED in apparmor
apparmor profile

$ cat /etc/apparmor.d/libvirt/libvirt-d694857f-577a-45d4-81d2-4f3672ae7bd4
#
# This profile is for the domain whose UUID matches this file.
#

#include

profile libvirt-d694857f-577a-45d4-81d2-4f3672ae7bd4 {
  #include
  #include
}

[Bug 1610368] Re: qemu-system-x86_64 read acces DENIED in apparmor
$ cat /etc/apparmor.d/libvirt/libvirt-d694857f-577a-45d4-81d2-4f3672ae7bd4.files
# DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
  "/var/log/libvirt/**/win8.1.log" w,
  "/var/lib/libvirt/qemu/domain-win8.1/monitor.sock" rw,
  "/var/run/libvirt/**/win8.1.pid" rwk,
  "/run/libvirt/**/win8.1.pid" rwk,
  "/var/run/libvirt/**/*.tunnelmigrate.dest.win8.1" rw,
  "/run/libvirt/**/*.tunnelmigrate.dest.win8.1" rw,
  "/TEMPO/VMS/win81.qcow2" rw,
  # for qemu guest agent channel
  owner "/var/lib/libvirt/qemu/channel/target/domain-win8.1/**" rw,
  "/dev/bus/usb/002/010" rw,
  "/dev/net/tun" rw,
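
Added example, not part of the original thread and not libvirt or AppArmor code: a simplified Python model of AppArmor file-rule matching, applied to a subset of the rules in the .files listing above, to show what the /run/udev/data/* blanket from the TL;DR opens up compared with a per-device rule. Assumptions: only `*` and `**` globs and the r/w/k permissions are modelled, `owner` is parsed but not enforced, the rules pulled in by the profile's includes are not modelled, and the /run/udev/data file names and the per-device rule are constructed for illustration.

```python
import re

# Subset of the rules from the .files listing in this thread.
BASE = '''
"/var/log/libvirt/**/win8.1.log" w,
"/var/lib/libvirt/qemu/domain-win8.1/monitor.sock" rw,
"/run/libvirt/**/win8.1.pid" rwk,
"/TEMPO/VMS/win81.qcow2" rw,
owner "/var/lib/libvirt/qemu/channel/target/domain-win8.1/**" rw,
"/dev/bus/usb/002/010" rw,
"/dev/net/tun" rw,
'''
# The blanket opt-in that the thread calls "too open".
BLANKET = BASE + '/run/udev/data/* r,\n'
# Hypothetical per-device rule; the file name is a constructed sample.
NARROW = BASE + '"/run/udev/data/c189:137" r,\n'

def glob_to_regex(glob):
    """Translate the globs used here: ** may cross '/', * may not."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")
            i += 2
        elif glob[i] == "*":
            out.append("[^/]*")
            i += 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return re.compile("".join(out))

def parse_rules(text):
    """Return (compiled path pattern, permission set) for each file rule line."""
    rule = re.compile(r'\s*(?:owner\s+)?"?([^"\s]+)"?\s+([rwk]+),\s*$')
    matches = (rule.match(line) for line in text.splitlines())
    return [(glob_to_regex(m.group(1)), set(m.group(2))) for m in matches if m]

def allowed(profile_text, path, mask):
    """True if the union of all matching rules grants every requested permission."""
    granted = set()
    for pattern, perms in parse_rules(profile_text):
        if pattern.fullmatch(path):
            granted |= perms
    return set(mask) <= granted

if __name__ == "__main__":
    # The two /run/udev/data paths are constructed samples.
    samples = ["/dev/bus/usb/002/010", "/run/udev/data/c189:137", "/run/udev/data/b8:0"]
    for name, prof in (("base", BASE), ("blanket", BLANKET), ("narrow", NARROW)):
        print(name, {p: allowed(prof, p, "r") for p in samples})
```

With the listed rules alone the udev data read is refused, the blanket rule makes every entry directly under /run/udev/data readable by the guest's qemu process, and the per-device rule admits only the one file.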