I'm not entirely sure if the pathing for the XDG things is correct in libvirt.
The usual rule from mesa  [1] would be:
  owner @{HOME}/.cache/ w, # if user clears all caches

But that does not work as user is libvirt-qemu which has a home in 
  libvirt-qemu:x:108:135:Libvirt Qemu,,,:/var/lib/libvirt:/bin/false

But the rule above does not fix the following issue:
apparmor="DENIED" operation="mkdir" 
name="/var/lib/libvirt/.cache/" pid=12056 comm="qemu-system-x86" 
requested_mask="c" denied_mask="c" fsuid=108 ouid=108

fsuid == ouid == 108 matches the user id.
The path matches what I'd expect

And the file for the guest has the rule rendered:
  owner "@{HOME}/.cache/" w

Why does this still fail?!


You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

  more apparmor denials for opengl usage

To manage notifications about this bug go to:

ubuntu-bugs mailing list

Reply via email to