Sounds like the path changed.

You'll need to add the following rule to /etc/apparmor.d/usr.sbin.dnsmasq (or 
to the local/ include):
  /var/lib/lxd/networks/lxdbr*/dnsmasq.leases rw,

BTW: Do you know if lxd supports different network interface types that
don't match the lxdbr* name pattern? If yes, we'll need to add a more
permissive rule.

** Also affects: apparmor
   Importance: Undecided
       Status: New

** Tags added: aa-policy

You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.

  In 16.10, LXD won't work with enforced dsnmasq profile

Status in AppArmor:
Status in apparmor package in Ubuntu:

Bug description:
  After upgrading to 16.0, LXD networking stopped working due to
  enforced dnsmasq profile.

  audit: type=1400 audit(1476709813.572:4291): apparmor="DENIED"
  operation="truncate" profile="/usr/sbin/dnsmasq"
  name="/var/lib/lxd/networks/lxdbr0/dnsmasq.leases" pid=13540
  comm="dnsmasq" requested_mask="w" denied_mask="w" fsuid=0 ouid=0

To manage notifications about this bug go to:

Mailing list:
Post to     :
Unsubscribe :
More help   :

Reply via email to