*** This bug is a duplicate of bug 1552241 ***
https://bugs.launchpad.net/bugs/1552241
Hi,
getting to my attention now due to the drop of upstream qemu.
This is actually a dup of bug 1552241
TL;DR:
- yes it is an issue
- the /run/udev/data/* blanket is considered "too open"
- a correct fix
** No longer affects: qemu
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1610368
Title:
qemu-system-x86_64 read acces DENIED in apparmor
To manage notifications about this bug go to:
** Also affects: qemu
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1610368
Title:
qemu-system-x86_64 read acces DENIED in apparmor
To manage
Looking at the contents of those files, I think giving libvirt vms read
access by default to all of them should be safe.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1610368
Title:
apparmor profile
$ cat /etc/apparmor.d/libvirt/libvirt-d694857f-577a-45d4-81d2-4f3672ae7bd4
#
# This profile is for the domain whose UUID matches this file.
#
#include
profile libvirt-d694857f-577a-45d4-81d2-4f3672ae7bd4 {
#include
#include
}
--
You received this bug notification
$ cat
/etc/apparmor.d/libvirt/libvirt-d694857f-577a-45d4-81d2-4f3672ae7bd4.files
# DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
"/var/log/libvirt/**/win8.1.log" w,
"/var/lib/libvirt/qemu/domain-win8.1/monitor.sock" rw,
"/var/run/libvirt/**/win8.1.pid" rwk,