I was looking into reproducing this to be able to fix&verify then afterwards.
I don't see the messages either with my setup, but I 100% trust Simon to have a 
correct report.

It all is for name resolution and the profile change is only for read - so it 
will be safe.
We just need to able to reproduce.

So I just assume we have to find the bit of config triggering the issue
(we will need repro steps for SRU anyway after all).

I'd have expected this to be due to libnss-libvirt 
(https://libvirt.org/nss.html) as it got added in yakkety. It would be the code 
that matches the denies.
But the reports are on Xenial so that can't be it.

I usually create my most basic test guests with:
uvt-simplestreams-libvirt sync --source http://cloud-images.ubuntu.com/daily 
arch=amd64 label=daily release=xenial
uvt-kvm create --memory 2048 --cpu 4 --password=ubuntu xenial-kernel-test 
release=xenial arch=amd64 label=daily

And as smb reports that doesn't trigger the issue.
@Simon could you create a guest with uvt as I shown above and check if that 
guest is free of the issue for you was well?
If yes - we have to compare the guest xml vs your usually used one.
If now - we have to check your local libvirt setup for what triggers this, so 
you might report any diff in libvirt.conf or (less likely) 
/etc/libvirt/qemu.conf that might be related then

** Changed in: libvirt (Ubuntu Xenial)
     Assignee: (unassigned) => ChristianEhrhardt (paelzer)

** Changed in: libvirt (Ubuntu)
     Assignee: (unassigned) => ChristianEhrhardt (paelzer)

You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

  virt-aa-helper Apparmor profile missing rules for name resolution

To manage notifications about this bug go to:

ubuntu-bugs mailing list

Reply via email to