Maybe the setup is a bit broken as I was rather rude and direct setting this up.
I've seen two things:
1. I was seeing that the PID on this denial was always changing
2. I found that this crashed libvirt like
Jun 14 09:36:44 ldap.example.com libvirtd[4585]: Illegal status in __nss_next.
Jun 14 09:36:44 ldap.example.com systemd[1]: libvirtd.service: Main process exited, code=killed, status=6/ABRT
Jun 14 09:36:44 ldap.example.com systemd[1]: libvirtd.service: Failed with result 'signal'.
Jun 14 09:36:45 ldap.example.com systemd[1]: libvirtd.service: Scheduled restart job, restart counter is at 9.
I have not seen this in any of the reports/logs added here so far, so I hope I find a setup that isn't half-broken but still reproduces the issue.
Also as one would expect in the above case the "network unix dgram," rule doesn't help.
Well consider this just a broken test for now.
Maybe the setup is a bit broken as I was rather rude and direct setting this up.
I've seen two things:
1. I was seeing that the PID on this denial was always changing
2. I found that this crashed libvirt like
Jun 14 09:36:44 ldap.example.com libvirtd[4585]: Illegal status in __nss_next.
Jun 14 09:36:44 ldap.example.com systemd[1]: libvirtd.service: Main process exited, code=killed, status=6/ABRT
Jun 14 09:36:44 ldap.example.com systemd[1]: libvirtd.service: Failed with result 'signal'.
Jun 14 09:36:45 ldap.example.com systemd[1]: libvirtd.service: Scheduled restart job, restart counter is at 9.
I have not seen this in any of the reports/logs added here so far, so I hope I find a setup that isn't half-broken but still reproduces the issue.
Also as one would expect in the above case the "network unix dgram," rule doesn't help.
Well consider this just a broken test for now.