On 11.10.2017 at 13:06, Christian Boltz wrote:
> I noticed one denial that probably isn't covered by the upstream profile
> yet:
>
> apparmor="DENIED" operation="open" profile="libvirt-c6ae5f8d-e017-484d-9176-96b0e079c66d" name="/proc/726/cmdline" pid=6188 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=114 ouid=0
>
> That translates to
> /@{PROC}/@{pids}/cmdline r,
> and should probably go into abstractions/libvirt-qemu

I was pointed at https://bugs.debian.org/877926

Updating libvirt to 3.8.0-1 from experimental fixed the immediate issue for me, i.e. the libvirt instances start again.

I'm not sure whether to merge these two bug reports now, or we keep this one open and deal with the remaining denial(s) (the severity should probably be downgraded in this case as it doesn't seem to cause any noticeable issues).

After updating to libvirt 3.8.0-1 I still get the following DENIAL when shutting down a libvirt/KVM instance:

> 2017-10-11T14:43:54.683220+02:00 pluto kernel: [ 355.112941] audit: type=1400 audit(1507725834.681:55): apparmor="DENIED" operation="open" profile="libvirt-4e5a8920-a2a1-4c6b-b7f1-528c20878cdd" name="/proc/684/cmdline" pid=3154 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=114 ouid=0

--
Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
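
An added example (not part of the original messages and not libvirt or AppArmor code): a small Python script that performs the translation described in the quoted message, from a DENIED audit record to a candidate file rule, run over the two records quoted in this thread. It assumes the stock AppArmor tunables, where `@{PROC}` expands to `/proc/` and `@{pids}` matches any numeric PID; the function names are made up for this example.

```python
import re

# Constructed input: the two DENIED records quoted in the thread.
SAMPLE_LOG = (
    'apparmor="DENIED" operation="open" '
    'profile="libvirt-c6ae5f8d-e017-484d-9176-96b0e079c66d" '
    'name="/proc/726/cmdline" pid=6188 comm="qemu-system-x86" '
    'requested_mask="r" denied_mask="r" fsuid=114 ouid=0\n'
    '2017-10-11T14:43:54.683220+02:00 pluto kernel: [ 355.112941] audit: '
    'type=1400 audit(1507725834.681:55): apparmor="DENIED" operation="open" '
    'profile="libvirt-4e5a8920-a2a1-4c6b-b7f1-528c20878cdd" '
    'name="/proc/684/cmdline" pid=3154 comm="qemu-system-x86" '
    'requested_mask="r" denied_mask="r" fsuid=114 ouid=0\n'
)

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key="quoted" or key=bare
PROC_PID = re.compile(r'^/proc/\d+/')               # per-process /proc subtree


def parse_denial(line):
    """Return the key/value fields of an AppArmor DENIED record, else None."""
    fields = {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}
    if fields.get('apparmor') != 'DENIED' or 'name' not in fields:
        return None
    return fields


def suggest_rule(fields):
    """Turn one denial into a candidate file rule with the PID generalised."""
    # Assumption: stock tunables, so @{PROC} is /proc/ and @{pids} matches
    # any numeric PID; no literal PID ends up in the profile.
    path = PROC_PID.sub('@{PROC}/@{pids}/', fields['name'])
    return f"{path} {fields['denied_mask']},"


def rules_from_log(text):
    """Map each candidate rule to the set of profiles that triggered it."""
    rules = {}
    for line in text.splitlines():
        fields = parse_denial(line)
        if fields:
            rules.setdefault(suggest_rule(fields), set()).add(fields['profile'])
    return rules


if __name__ == '__main__':
    for rule, profiles in rules_from_log(SAMPLE_LOG).items():
        print(f"{rule}    # denied in {len(profiles)} profile(s)")
```

Both per-VM profiles collapse to the same candidate rule, which fits the suggestion to put it in the shared abstractions/libvirt-qemu. The script prints the rule without a leading slash because `@{PROC}` already begins with one under the assumed tunables.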