New virt-manager (1.4.0) needs unix (send recieve) in apparmor
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libvirt (Ubuntu) |
Fix Released
|
Medium
|
Bryan Quigley |
Bug Description
1) Ubuntu 17.04
2) with me trying to merge virt-manager 1.4.0 (from bug https:/
3) View the console of a running VM from virt-manager
4) Instead we get the error:
Error connecting to graphical console:
internal error: unable to execute QEMU command 'getfd':
No file descriptor supplied via SCM_RIGHTS
Which is also described here - https:/
All it needs to work is to add:
# allow connect with openGraphicsFD to work
unix (send, receive) type=stream peer=(label=
to abstractions/
I traced the cause of the change to commit https:/
Changed in libvirt (Ubuntu): | |
assignee: | nobody → Bryan Quigley (bryanquigley) |
Changed in libvirt (Ubuntu): | |
importance: | Undecided → Medium |
This rule means that every VM can unconditionally talk to libvirtd over any unix stream socket. What is the denial that prompted this rule?