[Bug 1324393] Re: "Force off" fails with "Permission denied" after upgrading to 14.04

Mon, 16 Jun 2014 02:51:08 -0700 

$ cat /etc/apparmor.d/usr.sbin.libvirtd
# Last Modified: Mon Jul  6 17:23:58 2009
#include <tunables/global>
@{LIBVIRT}="libvirt"

/usr/sbin/libvirtd {
  #include <abstractions/base>
  #include <abstractions/dbus>
  # Site-specific additions and overrides. See local/README for details.
  #include <local/usr.sbin.libvirtd>

  capability kill,
  capability net_admin,
  capability net_raw,
  capability setgid,
  capability sys_admin,
  capability sys_module,
  capability sys_ptrace,
  capability sys_nice,
  capability sys_chroot,
  capability setuid,
  capability dac_override,
  capability dac_read_search,
  capability fowner,
  capability chown,
  capability setpcap,
  capability mknod,
  capability fsetid,
  capability ipc_lock,
  capability audit_write,

  network inet stream,
  network inet dgram,
  network inet6 stream,
  network inet6 dgram,
  network packet dgram,

  # for now, use a very lenient profile since we want to first focus on
  # confining the guests
  / r,
  /** rwmkl,

  /bin/* PUx,
  /sbin/* PUx,
  /usr/bin/* PUx,
  /usr/sbin/* PUx,
  /lib/udev/scsi_id PUx,
  /usr/lib/xen-common/bin/xen-toolstack PUx,

  # Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to
  # write and run an ebtables script.
  /var/lib/libvirt/virtd* ixr,

  # force the use of virt-aa-helper
  audit deny /sbin/apparmor_parser rwxl,
  audit deny /etc/apparmor.d/libvirt/** wxl,
  audit deny /sys/kernel/security/apparmor/features rwxl,
  audit deny /sys/kernel/security/apparmor/matching rwxl,
  audit deny /sys/kernel/security/apparmor/.* rwxl,
  /sys/kernel/security/apparmor/profiles r,
  /usr/lib/libvirt/* PUxr,
  /etc/libvirt/hooks/** rmix,
  /etc/xen/scripts/** rmix,

  # allow changing to our UUID-based named profiles
  change_profile -> 
@{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,

}

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1324393

Title:
  "Force off" fails with "Permission denied" after upgrading to 14.04

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/virt-manager/+bug/1324393/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to