Public bug reported:
== Comment: #0 - Application Cdeadmin <cdead...@us.ibm.com> - 2016-08-12
14:40:43 ==
== Comment: #1 - Application Cdeadmin <cdead...@us.ibm.com> - 2016-08-12
14:40:44 ==
==== State: Open by: panico on 12 August 2016 13:31:50 ====
Contact Information:
====================
Defect Originator: Michael Panico
Defect Originator pan...@us.ibm.com
System Info:
============
Machine Type:............8284-22A
Card Type:...............FSP2_P8LE
Current Boot Side:.......T
Next Boot Side:..........T
PT_Swap:.................0
Current Side Driver:.....fips860/b0726a_1632.860
Ubuntu 16.10 KVM host:
root@iaos1:~# uname -a
Linux iaos1 4.4.0-30-generic #49-Ubuntu SMP Fri Jul 1 10:00:36 UTC 2016 ppc64le
ppc64le ppc64le GNU/Linux
root@iaos1:~# lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu Yakkety Yak (development branch)
Release: 16.10
Codename: yakkety
Code levels for related pkgs:
virt-manager 1:1.3.2-3
libvirt-bin 1.3.4-1
apparmor 2.10.95-0
qemu-kvm 1:2.6+dfsg-3
Problem Description:
====================
The Ubuntu 16.10 KVM host logs this messages repeatedly:
[Fri Aug 12 10:07:52 2016] audit: type=1400 audit(1471014479.742:45871):
apparmor="DENIED" operation="open"
profile="libvirt-5142132a-6e25-413a-b84d-579ce9c23bd5"
name="/proc/77712/task/99146/comm" pid=99145 comm="qemu-system-ppc"
requested_mask="wr" denied_mask="wr" fsuid=110 ouid=110
== Comment: #9 - SANDHYA VENUGOPALA <vsand...@in.ibm.com> - 2016-08-22
04:42:14 ==
Problem Description:
====================
The Ubuntu 16.10 KVM host logs this messages repeatedly:
Aug 14 04:17:06 iaos1 kernel: [410279.287630] audit: type=1400
audit(1471166226.271:73588): apparmor="DENIED" operation="open"
profile="libvirt-2da97bd6-6370-47fa-83bd-3cb8e0836c21"
name="/proc/76973/task/143582/comm" pid=76973 comm="qemu-system-ppc"
requested_mask="wr" denied_mask="wr" fsuid=110 ouid=110
Aug 14 04:17:06 iaos1 kernel: [410279.532212] audit: type=1400
audit(1471166226.519:73589): apparmor="DENIED" operation="open"
profile="libvirt-66e1f4d0-ca76-4d4f-93ad-44c03cafb1c7"
name="/proc/77477/task/143583/comm" pid=77477 comm="qemu-system-ppc"
requested_mask="wr" denied_mask="wr" fsuid=110 ouid=110
Aug 14 04:17:19 iaos1 kernel: [410292.483319] audit: type=1400
audit(1471166239.467:73590): apparmor="DENIED" operation="open"
profile="libvirt-66e1f4d0-ca76-4d4f-93ad-44c03cafb1c7"
name="/proc/77477/task/143584/comm" pid=77477 comm="qemu-system-ppc"
requested_mask="wr" denied_mask="wr" fsuid=110 ouid=110
from ur.sbin.libvirtd -
# force the use of virt-aa-helper
audit deny /sbin/apparmor_parser rwxl,
audit deny /etc/apparmor.d/libvirt/** wxl,
audit deny /sys/kernel/security/apparmor/features rwxl,
audit deny /sys/kernel/security/apparmor/matching rwxl,
audit deny /sys/kernel/security/apparmor/.* rwxl,
/sys/kernel/security/apparmor/profiles r,
/usr/lib/libvirt/* PUxr,
/etc/libvirt/hooks/** rmix,
/etc/xen/scripts/** rmix,
Its seems like libvirt's apparmor policy needs to be updated in Ubuntu
16.10
** Affects: libvirt (Ubuntu)
Importance: Undecided
Assignee: Taco Screen team (taco-screen-team)
Status: New
** Tags: architecture-ppc64le bugnameltc-144906 severity-high
targetmilestone-inin1610
** Tags added: architecture-ppc64le bugnameltc-144906 severity-high
targetmilestone-inin1610
** Changed in: ubuntu
Assignee: (unassigned) => Taco Screen team (taco-screen-team)
** Package changed: ubuntu => libvirt (Ubuntu)
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1615550
Title:
STC860:Tuleta-L:KVM:iap01:Ubuntu 16.10 KVM logs apparmor="DENIED"
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1615550/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
