Public bug reported:
Please find that the currently the code in the aa-helper forbids rare,
though possible config type:
<os>
...
<loader>/usr/share/seabios/bios.bin-1.7.5</loader>
...
</os>
internal error: Child process (/usr/lib/libvirt/virt-aa-helper -p 0 -r -u
libvirt-866ba0e5-405e-442c-8544-fea8171a65c5) unexpected exit status 1: Failed
to read classid file: No Access
virt-aa-helper: warning: path does not exist, skipping file type checks
virt-aa-helper: error: /usr/share/seabios/bios.bin-1.7.5
the same goes for virtio-serial socket, though it can be worked out just
in the policy file instead of code patching:
<channel type='unix'>
<source mode='bind' path='/var/lib/libvirt/qemu/vmtest.sock'/>
<target type='virtio' name='org.qemu.guest_agent.0'/>
<address type='virtio-serial' controller='0' bus='0' port='1'/>
</channel>
Also there is a trivial change for reading /etc/ceph/keyring.bin as the
Ceph-enabled setups are flooding logs with this forbidden location as
well.
** Affects: libvirt (Ubuntu)
Importance: Undecided
Status: New
** Tags: apparmor
** Summary changed:
- Custom rom and socket locations is not allowed by aa-helper
+ Custom rom and socket locations are not allowed by aa-helper
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/1466911
Title:
Custom rom and socket locations are not allowed by aa-helper
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1466911/+subscriptions
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
