libvirt cannot start dnsmasq when using apparmor profile

Bug #815883 reported by Jamie Strandboge
This bug affects 2 people
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Fix Released
Jamie Strandboge

Bug Description

After upgrading to Oneiric, I get the following dnsmasq denial when libvirt starts:
type=AVC msg=audit(1311512554.401:96): apparmor="DENIED" operation="mknod" parent=1689 profile="/usr/sbin/dnsmasq" name="/var/lib/libvirt/dnsmasq/default.leases" pid=10701 comm="dnsmasq" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

The following rule fixes it:
  /var/lib/libvirt/dnsmasq/*.leases rw,

Changed in apparmor (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Medium
status: New → In Progress
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Patch submitted upstream for review.

Revision history for this message
Christian Boltz (cboltz) wrote :

For the records: the patch was accepted upstream. This bug is fixed in AppArmor 2.7 beta1.

(I don't know about the status in Ubuntu, therefore I don't change the bug status.)

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thanks Christian. This was fixed in 2.7.0~beta1+bzr1774-1.

Changed in apparmor (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
M$$Ger (mssg3r) wrote :

virsh net-start default

IPv6: ADDRCONF(NETDEV_UP): virbr0: link is not ready

type=1400 audit(1411912195.731:2159): apparmor="DENIED" operation="open" profile="/usr/sbin/dnsmasq" name="/var/lib/libvirt/dnsmasq/default.conf" pid=11512 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=126

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Other bug subscribers