Hi, On Fri, Aug 03, 2018 at 07:31:33PM +0800, Haruki TSURUMOTO wrote: > Package: libvirt-daemon-system > Version: 3.0.0-4+deb9u3 > Severity: normal > X-Debbugs-Cc: appar...@packages.debian.org > > Dear maintainers, (CCed: apparmor-maintainers) > > I had enabled AppArmor on my debian stretch machine. > I found some libvirt's open operations are DENIED by apparmor. > Please see below. > > ``` > Jul 30 20:35:22 debian-tsr-nuc1 kernel: [ 39.503726] audit: type=1400 > audit(1532950522.067:41): apparmor="DENIED" operation="open" > profile="libvirt-2453a1d1-16fd-446a-b7df-3b1b0ac4a506" > name="/sys/devices/system/node/" pid=1307 comm="qemu-system-x86" > requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 > Jul 30 20:35:22 debian-tsr-nuc1 kernel: [ 39.503778] audit: type=1400 > audit(1532950522.067:42): apparmor="DENIED" operation="open" > profile="libvirt-2453a1d1-16fd-446a-b7df-3b1b0ac4a506" > name="/sys/devices/system/cpu/" pid=1307 comm="qemu-system-x86" > requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 > Jul 30 20:35:22 debian-tsr-nuc1 kernel: [ 39.538158] audit: type=1400 > audit(1532950522.103:43): apparmor="DENIED" operation="open" > profile="libvirt-2453a1d1-16fd-446a-b7df-3b1b0ac4a506" > name="/sys/module/vhost/parameters/max_mem_regions" pid=1307 > comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 > Jul 30 20:35:36 debian-tsr-nuc1 kernel: [ 54.393592] audit: type=1400 > audit(1532950536.959:46): apparmor="DENIED" operation="open" > profile="libvirt-974b3462-9525-49d8-82db-2a3eb9bb972f" > name="/sys/devices/system/node/" pid=1376 comm="qemu-system-x86" > requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 > Jul 30 20:35:36 debian-tsr-nuc1 kernel: [ 54.393648] audit: type=1400 > audit(1532950536.959:47): apparmor="DENIED" operation="open" > profile="libvirt-974b3462-9525-49d8-82db-2a3eb9bb972f" > name="/sys/devices/system/cpu/" pid=1376 comm="qemu-system-x86" > requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 > Jul 30 20:35:36 debian-tsr-nuc1 kernel: [ 54.404634] audit: type=1400 > audit(1532950536.967:48): apparmor="DENIED" operation="open" > profile="libvirt-974b3462-9525-49d8-82db-2a3eb9bb972f" > name="/sys/module/vhost/parameters/max_mem_regions" pid=1376 > comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0 > Jul 31 12:51:24 debian-tsr-nuc1 kernel: [58602.024293] audit: type=1400 > audit(1533009084.686:49): apparmor="DENIED" operation="open" > profile="libvirt-2453a1d1-16fd-446a-b7df-3b1b0ac4a506" > name="/proc/548/cmdline" pid=1307 comm="qemu-system-x86" requested_mask="r" > denied_mask="r" fsuid=64055 ouid=0 > ``` > > These policy conflicts were fixed in upstream. > > I attached a patch which backported from these commit. > https://libvirt.org/git/?p=libvirt.git;a=commit;h=e7f5d627f93c1c71260d2a795a1227b16b0d3186 > https://libvirt.org/git/?p=libvirt.git;a=commit;h=0af5ced4b81b68be7016d1f8755db3d0c3249278 > > Would you apply this patch for stretch?
Can you provide debdiff for a fixed package? -- Guido
