libvirt 4.6 triggers apparmor issues when starting a guest - unable to change the profile
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libvirt (Ubuntu) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Starting a guest e.g. via uvtool now fails.
$ uvt-kvm create --password=ubuntu b release=bionic arch=ppc64el label=daily
Warning: using --password from the command line is not secure and should be used for debugging only.
uvt-kvm: error: libvirt: internal error: Process exited prior to exec: ostnet0,
libvirt: error : unable to set AppArmor profile 'libvirt-
The related Deny is:
[71225.866420] audit: type=1400 audit(153379950
So it is libvirtd who wants to do things but gets denied - per profile=
The generated profiles exist:
/etc/apparmor.
/etc/apparmor.
Ok, it all makes sense now.
That was just due to a broken WIP implementation for bug 1786019
Since this will only release once ok the bug here can be closed.