While looking at LP: #1546674 I ran into this bug as well. Your PPA package patches the usr.sbin.libvirtd profile but I think the right place to add the rule is in the abstraction/libvirt-qemu profile extract.
I added a similar but slightly more restrictive rule in the attached patch. With that patch in, I no longer get AA denials for /proc/$pid/task/*/comm.
Hi Christian,
While looking at LP: #1546674 I ran into this bug as well. Your PPA package patches the usr.sbin.libvirtd profile but I think the right place to add the rule is in the abstraction/ libvirt- qemu profile extract.
I added a similar but slightly more restrictive rule in the attached patch. With that patch in, I no longer get AA denials for /proc/$ pid/task/ */comm.