So, TL;DR we have all we need (there are plenty of other cases it might fail and all report error values from virt-aa-helper to stdout/stderr.
But the virCommandRun in security does only let those errors to the log but not forwards them. So capture output/error and in bad-rc case report it. This means it reports whatever virt-aa-helper said, followed by the upper laye message of "can't load/update profile" ... That should be just what we want. One has to be careful as there are no guarantees output/error is set on bad execution, but we can check and only report if set. It also needs a free on the exit path. I had a test, but then remembered that virsh by-design is intended to not flood you with errors. Essentially on a virsh error you get the LAST raised error, but everything more is in the log. This was by design as in the past if e.g. there were loops or other long issues all that flooded the console and made it unreadable. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1767934 Title: breaking the apparmor profile leads to misleading error messages To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1767934/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
