Public bug reported: Please find that the currently the code in the aa-helper forbids rare, though possible config type:
<os> ... <loader>/usr/share/seabios/bios.bin-1.7.5</loader> ... </os> internal error: Child process (/usr/lib/libvirt/virt-aa-helper -p 0 -r -u libvirt-866ba0e5-405e-442c-8544-fea8171a65c5) unexpected exit status 1: Failed to read classid file: No Access virt-aa-helper: warning: path does not exist, skipping file type checks virt-aa-helper: error: /usr/share/seabios/bios.bin-1.7.5 the same goes for virtio-serial socket, though it can be worked out just in the policy file instead of code patching: <channel type='unix'> <source mode='bind' path='/var/lib/libvirt/qemu/vmtest.sock'/> <target type='virtio' name='org.qemu.guest_agent.0'/> <address type='virtio-serial' controller='0' bus='0' port='1'/> </channel> Also there is a trivial change for reading /etc/ceph/keyring.bin as the Ceph-enabled setups are flooding logs with this forbidden location as well. ** Affects: libvirt (Ubuntu) Importance: Undecided Status: New ** Tags: apparmor ** Summary changed: - Custom rom and socket locations is not allowed by aa-helper + Custom rom and socket locations are not allowed by aa-helper -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1466911 Title: Custom rom and socket locations are not allowed by aa-helper To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1466911/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs