Also even when setting the profile to aa-complain I see: [14406.210381] audit: type=1400 audit(1491482071.335:67): apparmor="ALLOWED" operation="setrlimit" profile="/usr/sbin/libvirtd" pid=7674 comm="libvirtd" rlimit=memlock value=2164260864
So far so good, but still the value is not raised. As if the action never happened. So on an ALLOWED setrlimit to pid 7674 the value afterwards is not the value set in the call. Hrm - puzzled ... -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1679704 Title: libvirt profile is blocking global setrlimit despite having no rlimit rule To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1679704/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
