[Bug 1693115] [NEW] apparmor denial: qemu cannot read /proc/*/cmdline

Wed, 24 May 2017 00:26:16 -0700 

Public bug reported:

When using libvirt to run QEMU instances, I get an AppArmor violation:

type=1400 audit(1495609606.700:14): apparmor="DENIED" operation="open"
profile="libvirt-fd3f661a-7fe3-4ab2-b1e8-d16efb5107c5"
name="/proc/1210/cmdline" pid=6002 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=64055 ouid=0

This should be mostly harmless, but it does trigger a red flag in
Cockpit's tests. This does not happen yet on Ubuntu 16.04.

ProblemType: Bug
DistroRelease: Ubuntu 17.04
Package: libvirt-daemon-system 2.5.0-3ubuntu5
ProcVersionSignature: Ubuntu 4.10.0-21.23-generic 4.10.11
Uname: Linux 4.10.0-21-generic x86_64
ApportVersion: 2.20.4-0ubuntu4
Architecture: amd64
Date: Wed May 24 03:10:38 2017
SourcePackage: libvirt
UpgradeStatus: No upgrade log present (probably fresh install)
mtime.conffile..etc.libvirt.nwfilter.allow-arp.xml: 2017-05-18T03:58:12.624084
mtime.conffile..etc.libvirt.nwfilter.allow-dhcp-server.xml: 
2017-05-18T03:58:13.244394
mtime.conffile..etc.libvirt.nwfilter.allow-dhcp.xml: 2017-05-18T03:58:13.140342
mtime.conffile..etc.libvirt.nwfilter.allow-incoming-ipv4.xml: 
2017-05-18T03:58:12.932238
mtime.conffile..etc.libvirt.nwfilter.allow-ipv4.xml: 2017-05-18T03:58:13.192368
mtime.conffile..etc.libvirt.nwfilter.clean-traffic.xml: 
2017-05-18T03:58:13.044294
mtime.conffile..etc.libvirt.nwfilter.no-arp-ip-spoofing.xml: 
2017-05-18T03:58:13.344444
mtime.conffile..etc.libvirt.nwfilter.no-arp-mac-spoofing.xml: 
2017-05-18T03:58:12.836190
mtime.conffile..etc.libvirt.nwfilter.no-arp-spoofing.xml: 
2017-05-18T03:58:12.688116
mtime.conffile..etc.libvirt.nwfilter.no-ip-multicast.xml: 
2017-05-18T03:58:12.884214
mtime.conffile..etc.libvirt.nwfilter.no-ip-spoofing.xml: 
2017-05-18T03:58:12.788166
mtime.conffile..etc.libvirt.nwfilter.no-mac-broadcast.xml: 
2017-05-18T03:58:13.292418
mtime.conffile..etc.libvirt.nwfilter.no-mac-spoofing.xml: 
2017-05-18T03:58:12.984264
mtime.conffile..etc.libvirt.nwfilter.no-other-l2-traffic.xml: 
2017-05-18T03:58:12.736140
mtime.conffile..etc.libvirt.nwfilter.no-other-rarp-traffic.xml: 
2017-05-18T03:58:13.092318
mtime.conffile..etc.libvirt.nwfilter.qemu-announce-self-rarp.xml: 
2017-05-18T03:58:13.396470
mtime.conffile..etc.libvirt.nwfilter.qemu-announce-self.xml: 
2017-05-18T03:58:12.572058
mtime.conffile..etc.libvirt.qemu.networks.default.xml: 
2017-05-18T03:58:12.303924

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: New


** Tags: amd64 apparmor apport-bug zesty

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1693115

Title:
  apparmor denial: qemu cannot read /proc/*/cmdline

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1693115/+subscriptions

-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to