With libvirt-bin 1.3.1, starting a QEMU guest results in those AA denials:
Feb 17 12:06:23 simon-laptop kernel: [15734.513696] audit: type=1400 audit(1455728783.639:73): apparmor="DENIED" operation="open" profile="/usr/lib/libvirt/virt-aa-helper" name="/etc/nsswitch.conf" pid=23156 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Feb 17 12:06:23 simon-laptop kernel: [15734.513718] audit: type=1400 audit(1455728783.639:74): apparmor="DENIED" operation="open" profile="/usr/lib/libvirt/virt-aa-helper" name="/etc/host.conf" pid=23156 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Feb 17 12:06:23 simon-laptop kernel: [15734.513734] audit: type=1400 audit(1455728783.639:75): apparmor="DENIED" operation="open" profile="/usr/lib/libvirt/virt-aa-helper" name="/run/resolvconf/resolv.conf" pid=23156 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 Feb 17 12:06:23 simon-laptop kernel: [15734.513885] audit: type=1400 audit(1455728783.639:76): apparmor="DENIED" operation="open" profile="/usr/lib/libvirt/virt-aa-helper" name="/run/resolvconf/resolv.conf" pid=23156 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
virt-aa-helper's AA profile hasn't changed recently so it seems like the helper is doing more in this release.
Additional information:
$ lsb_release -rd Description: Ubuntu Xenial Xerus (development branch) Release: 16.04
$ apt-cache policy apparmor libvirt-bin apparmor: Installed: 2.10-3ubuntu1 Candidate: 2.10-3ubuntu1 Version table: *** 2.10-3ubuntu1 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages 100 /var/lib/dpkg/status libvirt-bin: Installed: 1.3.1-1ubuntu1 Candidate: 1.3.1-1ubuntu1 Version table: *** 1.3.1-1ubuntu1 500 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages 100 /var/lib/dpkg/status
ProblemType: Bug DistroRelease: Ubuntu 16.04 Package: libvirt-bin 1.3.1-1ubuntu1 ProcVersionSignature: Ubuntu 4.4.0-5.20-generic 4.4.1 Uname: Linux 4.4.0-5-generic x86_64 NonfreeKernelModules: zfs zunicode zcommon znvpair zavl ApportVersion: 2.20-0ubuntu3 Architecture: amd64 CurrentDesktop: Unity Date: Wed Feb 17 13:08:04 2016 KernLog:
SourcePackage: libvirt UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.libvirt.qemu.conf: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/qemu.conf'] modified.conffile..etc.libvirt.qemu.networks.default.xml: [deleted]
With libvirt-bin 1.3.1, starting a QEMU guest results in those AA denials:
Feb 17 12:06:23 simon-laptop kernel: [15734.513696] audit: type=1400 audit(145572878 3.639:73) : apparmor="DENIED" operation="open" profile= "/usr/lib/ libvirt/ virt-aa- helper" name="/ etc/nsswitch. conf" pid=23156 comm="virt- aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 3.639:74) : apparmor="DENIED" operation="open" profile= "/usr/lib/ libvirt/ virt-aa- helper" name="/ etc/host. conf" pid=23156 comm="virt- aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 3.639:75) : apparmor="DENIED" operation="open" profile= "/usr/lib/ libvirt/ virt-aa- helper" name="/ run/resolvconf/ resolv. conf" pid=23156 comm="virt- aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 3.639:76) : apparmor="DENIED" operation="open" profile= "/usr/lib/ libvirt/ virt-aa- helper" name="/ run/resolvconf/ resolv. conf" pid=23156 comm="virt- aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Feb 17 12:06:23 simon-laptop kernel: [15734.513718] audit: type=1400 audit(145572878
Feb 17 12:06:23 simon-laptop kernel: [15734.513734] audit: type=1400 audit(145572878
Feb 17 12:06:23 simon-laptop kernel: [15734.513885] audit: type=1400 audit(145572878
virt-aa-helper's AA profile hasn't changed recently so it seems like the helper is doing more in this release.
Additional information:
$ lsb_release -rd
Description: Ubuntu Xenial Xerus (development branch)
Release: 16.04
$ apt-cache policy apparmor libvirt-bin archive. ubuntu. com/ubuntu xenial/main amd64 Packages dpkg/status archive. ubuntu. com/ubuntu xenial/main amd64 Packages dpkg/status
apparmor:
Installed: 2.10-3ubuntu1
Candidate: 2.10-3ubuntu1
Version table:
*** 2.10-3ubuntu1 500
500 http://
100 /var/lib/
libvirt-bin:
Installed: 1.3.1-1ubuntu1
Candidate: 1.3.1-1ubuntu1
Version table:
*** 1.3.1-1ubuntu1 500
500 http://
100 /var/lib/
ProblemType: Bug ature: Ubuntu 4.4.0-5.20-generic 4.4.1 dules: zfs zunicode zcommon znvpair zavl
DistroRelease: Ubuntu 16.04
Package: libvirt-bin 1.3.1-1ubuntu1
ProcVersionSign
Uname: Linux 4.4.0-5-generic x86_64
NonfreeKernelMo
ApportVersion: 2.20-0ubuntu3
Architecture: amd64
CurrentDesktop: Unity
Date: Wed Feb 17 13:08:04 2016
KernLog:
SourcePackage: libvirt conffile. .etc.libvirt. qemu.conf: [inaccessible: [Errno 13] Permission denied: '/etc/libvirt/ qemu.conf' ] conffile. .etc.libvirt. qemu.networks. default. xml: [deleted]
UpgradeStatus: No upgrade log present (probably fresh install)
modified.
modified.