libvirt's apparmor profile doesn't allow execution of /usr/lib/libvirt/libvirt_lxc
Bug #480478 reported by Stéphane Graber
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libvirt (Ubuntu) | Fix Released | Medium | Jamie Strandboge |
Karmic | Won't Fix | Medium | Unassigned |
Lucid | Fix Released | Medium | Jamie Strandboge |
Bug Description
When starting an LXC container from libvirt, libvirt fails to do so because it's blocked by the apparmor profile.
Here's the syslog entry I get:
Nov 5 10:10:27 castiana kernel: [143641.139158] type=1503 audit(125743382
tags: added: apparmor
Changed in libvirt (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Medium
status: New → Triaged
Changed in libvirt (Ubuntu):
milestone: none → karmic-updates
Changed in libvirt (Ubuntu Karmic):
importance: Undecided → Medium
assignee: nobody → Jamie Strandboge (jdstrand)
milestone: none → karmic-updates
status: New → Triaged
Changed in libvirt (Ubuntu Lucid):
milestone: karmic-updates → none
Changed in libvirt (Ubuntu Lucid):
status: Triaged → In Progress
I'm brand new to lxc and apparmor, but I wonder if this is sufficient:
=== modified file 'apparmor. d/usr.sbin. libvirtd' d/usr.sbin. libvirtd 2009-11-19 21:10:26 +0000 d/usr.sbin. libvirtd 2009-11-19 21:26:21 +0000
--- apparmor.
+++ apparmor.
@@ -32,6 +32,7 @@
/sbin/* Ux,
/usr/bin/* Ux,
/usr/sbin/* Ux,
+ /usr/lib/libvirt/* Ux,
# force the use of virt-aa-helper parser rwxl,
audit deny /sbin/apparmor_
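Review bot: the added rule "/usr/lib/libvirt/* Ux," is wider than the report needs. The bug is about /usr/lib/libvirt/libvirt_lxc only, while the glob lets libvirtd run every file in that directory unconfined. Suggest naming the binary instead, e.g. "/usr/lib/libvirt/libvirt_lxc Ux,", and checking that nothing else under /usr/lib/libvirt/ is supposed to be reachable only through the virt-aa-helper rule that the next comment line refers to. A one-line comment above the new rule saying it is there for LXC containers would also help later readers of the profile.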