Public bug reported: /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper uses abstractions/base which has the following: owner @{HOME}/.Private/** mrixwlk, owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,
This may be too strict for virt-aa-helper since it runs as root and user's may store there VMs in encrypted HOME or encrypted ~/Private with the files owned by the user, not root. The following should be added to /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper: @{HOME}/.Private/** mrixwlk, @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk, ** Affects: libvirt (Ubuntu) Importance: Medium Assignee: Jamie Strandboge (jdstrand) Status: Triaged ** Affects: libvirt (Ubuntu Lucid) Importance: Medium Assignee: Jamie Strandboge (jdstrand) Status: Triaged ** Affects: libvirt (Ubuntu Maverick) Importance: Medium Assignee: Jamie Strandboge (jdstrand) Status: Triaged ** Changed in: libvirt (Ubuntu) Importance: Undecided => Medium ** Changed in: libvirt (Ubuntu) Status: New => Triaged ** Changed in: libvirt (Ubuntu) Assignee: (unassigned) => Jamie Strandboge (jdstrand) ** Also affects: libvirt (Ubuntu Lucid) Importance: Undecided Status: New ** Also affects: libvirt (Ubuntu Maverick) Importance: Medium Assignee: Jamie Strandboge (jdstrand) Status: Triaged ** Changed in: libvirt (Ubuntu Lucid) Status: New => Triaged ** Changed in: libvirt (Ubuntu Lucid) Importance: Undecided => Medium ** Changed in: libvirt (Ubuntu Lucid) Assignee: (unassigned) => Jamie Strandboge (jdstrand) ** Changed in: libvirt (Ubuntu Lucid) Milestone: None => lucid-updates -- apparmor denies virt-aa-helper access to ecryptfs files https://bugs.launchpad.net/bugs/591769 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs