[Bug 1696471] Re: AppArmor denies access to /etc/gss/mech.d/

2018-03-14 Thread Launchpad Bug Tracker
This bug was fixed in the package libvirt - 4.0.0-1ubuntu5

---
libvirt (4.0.0-1ubuntu5) bionic; urgency=medium

  * run dnsmasq as libvirt-dnsmasq (LP: #1743718)
    - d/libvirt-daemon-system.postinst: add libvirt-dnsmasq user and group
    - d/libvirt-daemon-system.postrm: remove

[Bug 1696471] Re: AppArmor denies access to /etc/gss/mech.d/

2018-03-08 Thread ChristianEhrhardt
I pushed the commit upstream after some review, ready to be included in Bionic with the next upload. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1696471 Title: AppArmor denies access to

[Bug 1696471] Re: AppArmor denies access to /etc/gss/mech.d/

2018-03-08 Thread ChristianEhrhardt
** Tags added: 4.0.0-1ubuntu5

[Bug 1696471] Re: AppArmor denies access to /etc/gss/mech.d/

2018-03-07 Thread ChristianEhrhardt
Submitted as https://www.redhat.com/archives/libvir-list/2018-March/msg00328.html

[Bug 1696471] Re: AppArmor denies access to /etc/gss/mech.d/

2018-03-07 Thread ChristianEhrhardt
Rule tested, not breaking things - fixing the deny as intended.

[Bug 1696471] Re: AppArmor denies access to /etc/gss/mech.d/

2018-03-07 Thread ChristianEhrhardt
Rule we need is:

  /etc/gss/mech.d/ r,

To trigger we need "libsasl2-modules-gssapi-mit" installed. That makes qemu read the dir. In there one only defines additional plugins to be loaded, and I can understand that this might be needed by sasl. I think it is safe to allow still and will submit

[Bug 1696471] Re: AppArmor denies access to /etc/gss/mech.d/

2018-03-07 Thread ChristianEhrhardt
I have seen the same recently, but without a clear repro I can't upstream. Also we don't know the impact of that missing yet. Let's fix it in Bionic as Ubuntu custom change for now, and if we find a way to repro-trigger intentionally and understand the impact of the lack I can upstream it.

[Bug 1696471] Re: AppArmor denies access to /etc/gss/mech.d/

2018-03-02 Thread Martin Pitt
Sorry for the delay, I finally found some time to get back to this. This is still reproducible on current Ubuntu 17.10:

  virsh define m.xml
  qemu-img create -f qcow2 /var/lib/libvirt/images/subVmTest1-2.img 128M
  virsh start subVmTest1

dmesg shows:

  [ 319.220193] audit: type=1400

[Bug 1696471] Re: AppArmor denies access to /etc/gss/mech.d/

2018-03-02 Thread Martin Pitt
Forgot to mention: I didn't change any libvirt config files, in particular not the ones you mentioned:

  # dpkg -s libvirt-daemon-system | grep libvirt.conf
   /etc/sasl2/libvirt.conf 09c4fa846e8e27bfa3ab3325900d63ea
  # md5sum /etc/sasl2/libvirt.conf
  09c4fa846e8e27bfa3ab3325900d63ea

[Bug 1696471] Re: AppArmor denies access to /etc/gss/mech.d/

2017-11-05 Thread ChristianEhrhardt
Yeah, thanks Martin, if that is the case I agree to this plan of action. As soon as we can explain what triggers it I likely can easily bring something upstream. If you want to discuss potential experiments/reproducers feel free to catch me on IRC.

[Bug 1696471] Re: AppArmor denies access to /etc/gss/mech.d/

2017-11-05 Thread Martin Pitt
This still happens all the time, also in 17.10, reopening. I need to find some time to create a reproducer that doesn't involve the Cockpit tests.

** Changed in: libvirt (Ubuntu)
   Status: Expired => Incomplete

** Changed in: libvirt (Ubuntu Xenial)
   Status: Expired => Confirmed

[Bug 1696471] Re: AppArmor denies access to /etc/gss/mech.d/

2017-11-05 Thread Launchpad Bug Tracker
[Expired for libvirt (Ubuntu Xenial) because there has been no activity for 60 days.]

** Changed in: libvirt (Ubuntu Xenial)
   Status: Incomplete => Expired

[Bug 1696471] Re: AppArmor denies access to /etc/gss/mech.d/

2017-11-05 Thread Launchpad Bug Tracker
[Expired for libvirt (Ubuntu) because there has been no activity for 60 days.]

** Changed in: libvirt (Ubuntu)
   Status: Incomplete => Expired

[Bug 1696471] Re: AppArmor denies access to /etc/gss/mech.d/

2017-09-06 Thread ChristianEhrhardt
Hi Martin, I'm currently trying to clean up bugs that were missed or got no update. First I have to beg your pardon for missing it in the first place. I have run spice sessions without that showing up, so I checked what that actually is about. In general that directory is to plug configs for the