[apparmor] virt-aa-helper: does not support OVMF?
intrigeri
intrigeri at debian.org
Tue Aug 11 19:37:59 UTC 2015
Hi,
it seems that virt-aa-helper (the helper tool that dynamically
generates AppArmor profiles for libvirt VMs) does not add
/usr/share/ovmf/OVMF.fd to the list of allowed files when I have
(excerpt):
<os>
<loader type='rom'>/usr/share/ovmf/OVMF.fd</loader>
</os>
I have this:
abstractions/libvirt-qemu: /usr/share/ovmf/** r,
... that was added to fix LP: #1074207.
But I don't see any corresponding change to virt-aa-helper, and:
libvirtd[28763]: internal error: Child process
(/usr/lib/libvirt/virt-aa-helper -p 0 -r -u
libvirt-14dcf3fa-a4d5-4c5a-82ea-3f624b44c7ef) unexpected exit status
1: virt-aa-helper: error: /usr/share/ovmf/OVMF.fd
virt-aa-helper: error: skipped restricted file
virt-aa-helper: error: invalid VM definition
libvirtd[28763]: internal error: cannot load AppArmor profile
'libvirt-14dcf3fa-a4d5-4c5a-82ea-3f624b44c7ef'
Is there a fix we're missing on Debian, or is it missing on Ubuntu
as well?
Cheers,
--
intrigeri
More information about the AppArmor
mailing list