[Bug 637544] Re: apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper

Jamie Strandboge jamie at ubuntu.com
Mon Sep 13 22:54:19 BST 2010

Here is an example message:
Sep 13 15:57:29 marula kernel: [ 7535.484814] type=1400 audit(1284407849.038:878): apparmor="DENIED" operation="open" parent=3346 profile="/usr/lib/libvirt/virt-aa-helper" name="/var/lib/eucalyptus/instances/admin/i-35280636/loader" pid=29440 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=105

We currently only allow the following in /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper:
  /var/lib/eucalyptus/instances/**/disk* r,

What is /var/lib/eucalyptus/instances/admin/i-35280636/loader? Can you
also attach the domain XML for an instance that fails to start?

** Changed in: libvirt (Ubuntu)
   Importance: Undecided => Critical

** Changed in: libvirt (Ubuntu)
       Status: New => Incomplete

** Changed in: libvirt (Ubuntu)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

** Changed in: libvirt (Ubuntu)
   Importance: Critical => High

apparmor=DENIED operation=open parent=3343 profile=/usr/lib/libvirt/virt-aa-helper
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.

More information about the Ubuntu-server-bugs mailing list