[Bug 1204616] [NEW] AppArmor profile libvirt is incomplete
Wido den Hollander
wido at widodh.nl
Wed Jul 24 18:30:55 UTC 2013
Public bug reported:
I'm using the Ubuntu Cloud Archive and I'm encountering a incomplete
libvirt AppArmor profile.
My libvirtd.log is showing lines like this:
2013-07-24 13:41:35.254+0000: 2995: warning : virAuditSend:135 : Failed
to send audit message virt=kvm op=start reason=booted vm="r-1163-VM"
uuid=1060bdc3-d77a-35f3-a8ef-696c0aef0b42 vm-pid=5121: Operation not
permitted
This is due to "audit_write" missing as a capability in the AppArmor
profile for libvirtd.
The simple fix is to add this line:
capability audit_write
In /etc/apparmor.d/usr.sbin.libvirtd
This is with libvirt 1.0.6 from the Havana repository.
ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: nova-compute (not installed)
ProcVersionSignature: Ubuntu 3.2.0-49.75-generic 3.2.46
Uname: Linux 3.2.0-49-generic x86_64
NonfreeKernelModules: fglrx
ApportVersion: 2.0.1-0ubuntu17.3
Architecture: amd64
Date: Wed Jul 24 20:27:55 2013
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111012)
MarkForUpload: True
ProcEnviron:
TERM=xterm
PATH=(custom, no user)
LANG=en_US.UTF-8
SHELL=/bin/bash
SourcePackage: nova
UpgradeStatus: Upgraded to precise on 2012-04-21 (459 days ago)
** Affects: nova (Ubuntu)
Importance: Undecided
Status: New
** Tags: amd64 apport-bug precise running-unity
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to nova in Ubuntu.
https://bugs.launchpad.net/bugs/1204616
Title:
AppArmor profile libvirt is incomplete
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/nova/+bug/1204616/+subscriptions
More information about the Ubuntu-server-bugs
mailing list