Since it occurred without starting ANY virtual server, the XML definition
would seem to me to be irrelevant.
-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
Eskimo North Linux Friendly Internet Access, Shell Accounts, and Hosting.
Knowledgeable human assistance, not telephone trees or script readers.
See our web site: http://www.eskimo.com/ (206) 812-0051 or (800) 246-6874.
On Fri, 5 Jun 2020, Paride Legovini wrote:
> Date: Fri, 05 Jun 2020 12:16:54 -0000
> From: Paride Legovini <[email protected]>
> To: [email protected]
> Subject: [Bug 1881969] Re: apparmor profile for libvirtd/libvirt-daemon needs
> fixing
>
> Christian: do you think it's worth trying to emulate an actual hardware
> controller instead of using virtio-scsi in your nested VM test setup?
> Maybe sys_rawio is not used with virtio-scsi.
>
> Robert: I think sharing the XML definition of a VM triggering the
> problem would still be useful. You can easily dump it with:
>
> $ virsh list --all # show all the domains
> $ virsh dumpxml <domain name>
>
> One question, just to be sure: does the sys_rawio denial prevent the VM
> from running, or do you see the error but the VM still runs?
>
> Thanks!
>
> --
> You received this bug notification because you are subscribed to the bug
> report.
> https://bugs.launchpad.net/bugs/1881969
>
> Title:
> apparmor profile for libvirtd/libvirt-daemon needs fixing
>
> Status in libvirt package in Ubuntu:
> Incomplete
> Status in libvirt package in Debian:
> Incomplete
>
> Bug description:
> Libvirtd is trying to use a capability being denied it by apparmor.
>
> [474656.842239] audit: type=1400 audit(1591211959.677:101):
> apparmor="DENIED" operation="capable" profile="libvirtd" pid=3393444
> comm="libvirtd" capability=17 capname="sys_rawio"
>
> ProblemType: Bug
> DistroRelease: Ubuntu 20.04
> Package: libvirt-daemon 6.0.0-0ubuntu8.1
> Uname: Linux 5.6.0 x86_64
> ApportVersion: 2.20.11-0ubuntu27.2
> Architecture: amd64
> CasperMD5CheckResult: skip
> CurrentDesktop: MATE
> Date: Wed Jun 3 14:01:30 2020
> InstallationDate: Installed on 2017-05-27 (1103 days ago)
> InstallationMedia: Ubuntu-MATE 17.04 "Zesty Zapus" - Release amd64 (20170412)
> SourcePackage: libvirt
> UpgradeStatus: Upgraded to focal on 2020-04-26 (38 days ago)
> modified.conffile..etc.libvirt.nwfilter.allow-arp.xml: [modified]
> modified.conffile..etc.libvirt.nwfilter.allow-dhcp-server.xml: [modified]
> modified.conffile..etc.libvirt.nwfilter.allow-dhcp.xml: [modified]
> modified.conffile..etc.libvirt.nwfilter.allow-incoming-ipv4.xml: [modified]
> modified.conffile..etc.libvirt.nwfilter.allow-ipv4.xml: [modified]
> modified.conffile..etc.libvirt.nwfilter.clean-traffic-gateway.xml: [modified]
> modified.conffile..etc.libvirt.nwfilter.clean-traffic.xml: [modified]
> modified.conffile..etc.libvirt.nwfilter.no-arp-ip-spoofing.xml: [modified]
> modified.conffile..etc.libvirt.nwfilter.no-arp-mac-spoofing.xml: [modified]
> modified.conffile..etc.libvirt.nwfilter.no-arp-spoofing.xml: [modified]
> modified.conffile..etc.libvirt.nwfilter.no-ip-multicast.xml: [modified]
> modified.conffile..etc.libvirt.nwfilter.no-ip-spoofing.xml: [modified]
> modified.conffile..etc.libvirt.nwfilter.no-mac-broadcast.xml: [modified]
> modified.conffile..etc.libvirt.nwfilter.no-mac-spoofing.xml: [modified]
> modified.conffile..etc.libvirt.nwfilter.no-other-l2-traffic.xml: [modified]
> modified.conffile..etc.libvirt.nwfilter.no-other-rarp-traffic.xml: [modified]
> modified.conffile..etc.libvirt.nwfilter.qemu-announce-self-rarp.xml:
> [modified]
> modified.conffile..etc.libvirt.nwfilter.qemu-announce-self.xml: [modified]
> modified.conffile..etc.libvirt.qemu.networks.default.xml: [modified]
> mtime.conffile..etc.libvirt.nwfilter.allow-arp.xml:
> 2017-05-27T04:38:59.454073
> mtime.conffile..etc.libvirt.nwfilter.allow-dhcp-server.xml:
> 2017-05-27T04:38:58.894071
> mtime.conffile..etc.libvirt.nwfilter.allow-dhcp.xml:
> 2017-05-27T04:38:58.990072
> mtime.conffile..etc.libvirt.nwfilter.allow-incoming-ipv4.xml:
> 2017-05-27T04:38:59.714073
> mtime.conffile..etc.libvirt.nwfilter.allow-ipv4.xml:
> 2017-05-27T04:38:59.522073
> mtime.conffile..etc.libvirt.nwfilter.clean-traffic-gateway.xml:
> 2018-10-27T01:48:21.872648
> mtime.conffile..etc.libvirt.nwfilter.clean-traffic.xml:
> 2017-05-27T04:38:59.582073
> mtime.conffile..etc.libvirt.nwfilter.no-arp-ip-spoofing.xml:
> 2017-05-27T04:38:58.942071
> mtime.conffile..etc.libvirt.nwfilter.no-arp-mac-spoofing.xml:
> 2017-05-27T04:38:59.870074
> mtime.conffile..etc.libvirt.nwfilter.no-arp-spoofing.xml:
> 2017-05-27T04:38:59.818074
> mtime.conffile..etc.libvirt.nwfilter.no-ip-multicast.xml:
> 2017-05-27T04:38:59.110072
> mtime.conffile..etc.libvirt.nwfilter.no-ip-spoofing.xml:
> 2017-05-27T04:38:59.178072
> mtime.conffile..etc.libvirt.nwfilter.no-mac-broadcast.xml:
> 2017-05-27T04:38:59.774074
> mtime.conffile..etc.libvirt.nwfilter.no-mac-spoofing.xml:
> 2017-05-27T04:38:59.254072
> mtime.conffile..etc.libvirt.nwfilter.no-other-l2-traffic.xml:
> 2017-05-27T04:38:59.394073
> mtime.conffile..etc.libvirt.nwfilter.no-other-rarp-traffic.xml:
> 2017-05-27T04:38:59.646073
> mtime.conffile..etc.libvirt.nwfilter.qemu-announce-self-rarp.xml:
> 2017-05-27T04:38:59.050072
> mtime.conffile..etc.libvirt.nwfilter.qemu-announce-self.xml:
> 2017-05-27T04:38:59.322073
> mtime.conffile..etc.libvirt.qemu.networks.default.xml:
> 2017-05-27T04:38:58.478070
>
> To manage notifications about this bug go to:
> https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1881969/+subscriptions
>
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1881969
Title:
apparmor profile for libvirtd/libvirt-daemon needs fixing
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1881969/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
