Note that libvirt generates its own AppArmor profiles dynamically, so
this does not appear to be an issue in the apparmor package itself.
** Also affects: libvirt (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/2121832
Title:
after recent apt upgrade apparmdenies or virtio graphics access to PCI
GPU device
Status in apparmor package in Ubuntu:
New
Status in libvirt package in Ubuntu:
New
Bug description:
after an apt update && apt upgrade this morning, a libvirt linux guest
that uses virtio gl graphics no longer starts. it appears to trace
back to messages logged when the vm is started:
[ 831.675127] audit: type=1400 audit(1756755746.150:506): apparmor="DENIED"
operation="open" class="file"
profile="libvirt-bab34a3b-a169-4d55-af9b-3d36935aa471"
name="/sys/devices/pci0000:00/0000:00:08.1/0000:66:00.0/drm/" pid=7954
comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
[ 831.675133] audit: type=1400 audit(1756755746.150:507): apparmor="DENIED"
operation="open" class="file"
profile="libvirt-bab34a3b-a169-4d55-af9b-3d36935aa471"
name="/sys/devices/pci0000:00/0000:00:08.1/0000:66:00.0/drm/" pid=7954
comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
[ 831.703052] qemu-system-x86[7954]: segfault at 0 ip 00007e17da469370 sp
00007fff00a2c4f0 error 4 in ui-spice-core.so[a370,7e17da465000+7000] likely on
CPU 16 (core 8, socket 0)
[ 831.703071] Code: 84 c0 74 26 48 8b 05 07 6c 00 00 80 38 00 74 1a 83 bb 10
01 00 00 00 74 11 80 bb 14 01 00 00 00 75 3e 0f 1f 84 00 00 00 00 00 <8b> 04 25
00 00 00 00 0f 0b 48 8b 05 d0 6b 00 00 66 83 38 00 74 b7
[ 831.732226] audit: type=1400 audit(1756755746.208:508): apparmor="DENIED"
operation="mknod" class="file"
profile="libvirt-bab34a3b-a169-4d55-af9b-3d36935aa471" name="/core.7954"
pid=7954 comm="qemu-system-x86" requested_mask="c" denied_mask="c" fsuid=64055
ouid=64055
prior to this upgrade, the vm started properly on this machine running
kubuntu 25.10
ProblemType: Bug
DistroRelease: Ubuntu 25.10
Package: apparmor 5.0.0~alpha1-0ubuntu4
ProcVersionSignature: Ubuntu 6.16.0-16.16-generic 6.16.0
Uname: Linux 6.16.0-16-generic x86_64
NonfreeKernelModules: nvidia_modeset nvidia zfs
ApportVersion: 2.33.1-0ubuntu2
Architecture: amd64
CasperMD5CheckResult: unknown
CurrentDesktop: KDE
Date: Mon Sep 1 12:46:47 2025
ProcKernelCmdline: root=zfs:zroot/ROOT/ubuntu loglevel=4
spl.spl_hostid=0x00bab10c
SourcePackage: apparmor
UpgradeStatus: No upgrade log present (probably fresh install)
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2121832/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
