Hi Martin,
as always, thanks for your post-FF testing and reports.

Thank you for also filing bug 2056747 - it starts to show that this is a
generic thing which probably anything linked against gnutls and being
confined will hit.

reverse-depends --release=noble --build-depends libgnutls28-dev | wc -l
182

Unless later decided otherwise, I'd think we should not look for many,
many individual rules but rather add it to an abstraction or so, so for now
I'd mark these as dups of each other and file it against gnutls as well.

** Also affects: chrony (Ubuntu)
   Importance: Undecided
       Status: New

** Description changed:

+ ---
+ ---
+ 
+ Merely booting current noble cloud image with "chrony" installed causes
+ this:
+ 
+ audit: type=1400 audit(1710152842.540:107): apparmor="DENIED"
+ operation="open" class="file" profile="/usr/sbin/chronyd"
+ name="/etc/gnutls/config" pid=878 comm="chronyd" requested_mask="r"
+ denied_mask="r" fsuid=0 ouid=0
+ 
+ --- 
+ ---
+ 
  Running any VM in libvirt causes a new AppArmor violation in current
  noble. This is a regression, this didn't happen in any previous release.
  
  Reproducer:
  
-   virt-install --memory 50 --pxe --virt-type qemu --os-variant
+   virt-install --memory 50 --pxe --virt-type qemu --os-variant
  alpinelinux3.8 --disk none --wait 0 --name test1
  
  (This is the simplest way to create a test VM. But it's form or shape
  doesn't matter at all).
  
  Results in lots of
  
  audit: type=1400 audit(1710146677.570:108): apparmor="DENIED"
  operation="open" class="file" profile="virt-aa-helper"
  name="/etc/gnutls/config" pid=1480 comm="virt-aa-helper"
  requested_mask="r" denied_mask="r" fsuid=0 ouid=0
  
- 
  libvirt-daemon 10.0.0-2ubuntu1
  apparmor 4.0.0~alpha4-0ubuntu1
  libgnutls30:amd64 3.8.3-1ubuntu1

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2056739

Title:
  apparmor="DENIED" operation="open" class="file" profile="virt-aa-
  helper" name="/etc/gnutls/config"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/2056739/+subscriptions


-- 
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
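
Added example, not part of the original message or of any Ubuntu or AppArmor tooling: a small triage script that groups AppArmor file denials by path and reports paths denied under more than one profile, which is the signal that a shared rule fits better than per-profile ones. The first two sample lines are the denials quoted in this bug, re-joined onto one line each; the third line, the `example-daemon` profile and all function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Lines 1-2: denials quoted in this bug. Line 3: constructed, non-shared path.
SAMPLE_LOG = """\
audit: type=1400 audit(1710152842.540:107): apparmor="DENIED" operation="open" class="file" profile="/usr/sbin/chronyd" name="/etc/gnutls/config" pid=878 comm="chronyd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1710146677.570:108): apparmor="DENIED" operation="open" class="file" profile="virt-aa-helper" name="/etc/gnutls/config" pid=1480 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
audit: type=1400 audit(1710146700.000:109): apparmor="DENIED" operation="open" class="file" profile="example-daemon" name="/etc/example.conf" pid=1500 comm="example-daemon" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_denial(line):
    """Return the fields of an AppArmor DENIED file record, or None."""
    raw = dict(FIELD.findall(line))
    if raw.get("apparmor") != '"DENIED"' or raw.get("class") != '"file"':
        return None
    fields = {k: v.strip('"') for k, v in raw.items()}
    name = raw.get("name", "")
    if name and not name.startswith('"'):
        # Unquoted name: the audit subsystem hex-encodes unsafe characters.
        try:
            fields["name"] = bytes.fromhex(name).decode("utf-8", "replace")
        except ValueError:
            pass  # not hex after all; keep the raw token
    return fields

def shared_denials(log_text, min_profiles=2):
    """Map (path, mask) -> sorted profiles, for paths denied in several profiles."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_denial(line)
        if rec and rec.get("name") and rec.get("profile"):
            seen[(rec["name"], rec.get("denied_mask", ""))].add(rec["profile"])
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_profiles}

def candidate_rule(path, mask):
    """File rule text for human review; where it belongs is not decided here."""
    return f"{path} {mask},"

if __name__ == "__main__":
    for (path, mask), profiles in shared_denials(SAMPLE_LOG).items():
        print(candidate_rule(path, mask), "# denied in:", ", ".join(profiles))
```
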