libvirt qemu apparmor rule missing directory for spice SASL
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libvirt (Ubuntu) |
New
|
Undecided
|
Unassigned |
Bug Description
This bug is similar in spirit to LP #'s 901272 & 1690140. The default proposed file for the SASL user DB is denied access by apparmor:
---
root # sed -n '/default SASL/,/qemu.conf/p' /etc/libvirt/
# The default SASL configuration file is located in /etc/sasl2/
# When running libvirtd unprivileged, it may be desirable to
# override the configs in this location. Set this parameter to
# point to the directory, and create a qemu.conf in that location
root # grep \#sasldb_path /etc/sasl2/
#sasldb_path: /etc/libvirt/
---
When using this proposed file, apparmor denies read access by the VM:
---
Jan 04 15:20:20 easy-wombat kernel: audit: type=1400 audit(167284562
---
It would be nice if this default proposed location worked out of the box in apparmor.
Software Versions:
root # lsb_release -rd
Description: Ubuntu 20.04.5 LTS
Release: 20.04
root # apt-cache policy libvirt-
libvirt-
Installed: 6.0.0-0ubuntu8.16
Candidate: 6.0.0-0ubuntu8.16
Version table:
*** 6.0.0-0ubuntu8.16 500
500 http://
500 http://
100 /var/lib/
6.0.0-0ubuntu8 500
500 http://
Thanks for taking the time to report a bug.
I've added it to our backlog and someone from the team will work on it soon.