> > So while the /dev/zd0 denial was expected, the /proc/$pid/task/$pid/comm > ones were not.
Oh those where expected by me, I just would have hoped they are gone now - see bug 1615550 But I see you found it already. > To address those, I applied the patch attached. Yeah I didn't realize in my quick patch that it doesn't only read but actually rewrite the comm for the debug threads feature. I also like your owner and pid check - which makes it more secure but still allowing the needed access. I think I need an apparmor training :-); Thanks for your help! I updated the ppa and it should now also got rid of these apparmor messages while keeping your hosts fix in place. Please if possible retest with that one. I also think once we have confirmed that these both fixes help I'm gonna submit them upstream. They don't have to stay a Ubuntu delta forever. Since you did most IMHO please let me know if you want to do that. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1546674 Title: virt-aa-helper Apparmor profile missing rules for name resolution To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1546674/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs