On 2016-10-24 11:08 AM, ChristianEhrhardt wrote: > Hi, > unfortunately after a reboot of my host my local reproducibility is gone :-/ > > I don't know if you could, but would like to ask if one of you think you can > verify that in Yakkety or Zesty. > The way the apparmor rules get created changed in >=Yakkety and since we have > to start with the devel releases that is the place to go for the first > verification. > Still Y&Z are widely the same, so I build for both in a ppa. > > I build the suggested fix (along another one) in > https://launchpad.net/~paelzer/+archive/ubuntu/libvirt-bug-1546674-1615550/+packages. > It would be great of one of you could test it there.
Thanks for providing this testing PPA. I was able to test the Yakkety version of your package. With it, I get the following Apparmor messages (also attached here): apparmor="DENIED" operation="open" profile="/usr/lib/libvirt/virt-aa-helper" name="/dev/zd0" pid=3357 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 apparmor="DENIED" operation="open" profile="libvirt-UUID" name="/proc/3374/task/3391/comm" pid=3374 comm="qemu-system-x86" requested_mask="wr" denied_mask="wr" fsuid=111 ouid=111 ... apparmor="DENIED" operation="open" profile="libvirt-UUID" name="/proc/3374/task/3414/comm" pid=3413 comm="qemu-system-x86" requested_mask="wr" denied_mask="wr" fsuid=111 ouid=111 So while the /dev/zd0 denial was expected, the /proc/$pid/task/$pid/comm ones were not. To address those, I applied the patch attached. ** Patch added: "aa-libvirt-qemu.patch" https://bugs.launchpad.net/bugs/1546674/+attachment/4767869/+files/aa-libvirt-qemu.patch ** Attachment added: "apparmor-syslog.log" https://bugs.launchpad.net/bugs/1546674/+attachment/4767870/+files/apparmor-syslog.log -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1546674 Title: virt-aa-helper Apparmor profile missing rules for name resolution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1546674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs