Public bug reported:

Since Cockpit's "ubuntu stable" VM image got updated from Ubuntu 17.04
to 17.10, the libvirt tests now cause several instances of this AppArmor
denial:

Nov 02 10:19:28 unassigned-hostname audit[1347]: AVC apparmor="DENIED"
operation="open" profile="libvirt-7d476386-ebe3-46fc-b6fc-3afcf7e4346f"
name="/sys/devices/pci0000:00/0000:00:02.0/virtio0/host2/target2:0:2/2:0:2:0/block/sda/queue/max_segments"
pid=1347 comm="qemu-system-x86" requested_mask="r" denied_mask="r"
fsuid=64055 ouid=0

It does not actually break anything, but QEMU might use this for some
optimizations?  Reading this kind of hardware information from /sys
seems harmless and useful enough to allow it in the profile.

Note: This seems to be a race condition; I cannot trivially reproduce it
locally. Thus the extra Apport information here does not contain the
violation. But I attach the journal from an instance that does.

ProblemType: Bug
DistroRelease: Ubuntu 17.10
Package: libvirt-daemon 3.6.0-1ubuntu5
ProcVersionSignature: Ubuntu 4.13.0-16.19-generic 4.13.4
Uname: Linux 4.13.0-16-generic x86_64
ApportVersion: 2.20.7-0ubuntu3
Architecture: amd64
Date: Thu Nov  2 11:11:02 2017
SourcePackage: libvirt
UpgradeStatus: No upgrade log present (probably fresh install)

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apparmor apport-bug artful

** Attachment added: "journal"
   
https://bugs.launchpad.net/bugs/1729626/+attachment/5002489/+files/TestMachines-testInlineConsole-ubuntu-stable-127.0.0.2-2801-FAIL.log

** Tags added: apparmor

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1729626

Title:
  AppArmor denies access to /sys/block/*/queue/max_segments

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1729626/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
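
Added example (not part of the original bug report, and not libvirt's or Cockpit's code): a triage script that parses AppArmor AVC denials like the one quoted in the report, collapses the per-VM profile UUID and the hardware-specific /sys path, and emits a candidate read-only rule for review. The glob form, the function names, and the second and third sample records are constructed assumptions; the rule it prints is a proposal to evaluate, not the fix that was shipped.

```python
import re
from collections import Counter

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')          # key="quoted" or key=bare
UUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}")
SYSFS_QUEUE = re.compile(r"^/sys/devices/.+/block/[^/]+/queue/([^/]+)$")

def parse_avc(line):
    """Return the fields of an AppArmor DENIED record, or None for other lines."""
    if 'apparmor="DENIED"' not in line:
        return None
    body = line.partition(" AVC ")[2]
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(body)}

def generalize(path):
    """Replace the PCI/SCSI topology and device name with globs (assumed form)."""
    m = SYSFS_QUEUE.match(path)
    return f"/sys/devices/**/block/*/queue/{m.group(1)}" if m else None

def triage(lines):
    """Count read-only sysfs queue denials per candidate rule; list the rest."""
    rules, review = Counter(), []
    for line in lines:
        rec = parse_avc(line)
        if rec is None:
            continue
        profile, path = rec.get("profile", ""), rec.get("name", "")
        mask, glob = rec.get("denied_mask", ""), generalize(path)
        if glob and mask == "r":
            rules[(UUID.sub("<UUID>", profile), f"{glob} r,")] += 1
        else:
            review.append((profile, path, mask))   # needs a human decision
    return rules, review

# Sample journal lines. The first path and UUID are from the report; the rest is constructed.
T = ('Nov 02 10:19:28 host audit[{pid}]: AVC apparmor="DENIED" operation="open" '
     'profile="libvirt-{uuid}" name="{path}" pid={pid} comm="qemu-system-x86" '
     'requested_mask="r" denied_mask="r" fsuid=64055 ouid=0')
SAMPLE = [
    T.format(pid=1347, uuid="7d476386-ebe3-46fc-b6fc-3afcf7e4346f",
             path="/sys/devices/pci0000:00/0000:00:02.0/virtio0/host2/"
                  "target2:0:2/2:0:2:0/block/sda/queue/max_segments"),
    T.format(pid=1402, uuid="00000000-0000-4000-8000-000000000001",
             path="/sys/devices/pci0000:00/0000:00:05.0/virtio1/block/vda/queue/max_segments"),
    T.format(pid=1402, uuid="00000000-0000-4000-8000-000000000001",
             path="/var/lib/libvirt/images/other.qcow2"),
    "Nov 02 10:19:29 host systemd[1]: Started Session 3 of user admin.",
]

if __name__ == "__main__":
    rules, review = triage(SAMPLE)
    for (profile, rule), count in rules.items():
        print(f"{count}x {profile}: {rule}")
    print("manual review:", review)
```

Only read denials on sysfs queue attributes are turned into a rule; every other denial is returned unchanged for manual review instead of being widened automatically.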