Public bug reported:

While testing using openstack, guests failed to launch and these denied messages were logged:

[ 8307.089627] audit: type=1400 audit(1649684291.592:109): apparmor="DENIED" operation="mknod" profile="swtpm" name="/run/libvirt/qemu/swtpm/11-instance-0000000b-swtpm.sock" pid=141283 comm="swtpm" requested_mask="c" denied_mask="c" fsuid=117 ouid=117
[10363.999211] audit: type=1400 audit(1649686348.455:115): apparmor="DENIED" operation="open" profile="swtpm" name="/var/log/swtpm/libvirt/qemu/instance-0000000e-swtpm.log" pid=184479 comm="swtpm" requested_mask="ac" denied_mask="ac" fsuid=117 ouid=117

Adding

  /run/libvirt/qemu/swtpm/* rwk,
  /var/log/swtpm/libvirt/qemu/* rwk,

to /etc/apparmor.d/usr.bin.swtpm and reloading the profile seems to fix the issue.

(Note: This is very similar to existing Bug #1968335)

** Affects: swtpm (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/1968586

Title:
  apparmor rules block socket and log creation
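
Added example, not part of the original report and not swtpm or AppArmor project code: a small checker that parses the two DENIED records quoted above and tests whether each proposed profile rule matches the denied path and grants the denied access. The glob handling is a simplified subset of AppArmor globbing, and the function names are this example's own.

```python
import re

# The two denial records quoted in the report, kernel timestamps trimmed.
SAMPLE_LOG = '''\
audit: type=1400 audit(1649684291.592:109): apparmor="DENIED" operation="mknod" profile="swtpm" name="/run/libvirt/qemu/swtpm/11-instance-0000000b-swtpm.sock" pid=141283 comm="swtpm" requested_mask="c" denied_mask="c" fsuid=117 ouid=117
audit: type=1400 audit(1649686348.455:115): apparmor="DENIED" operation="open" profile="swtpm" name="/var/log/swtpm/libvirt/qemu/instance-0000000e-swtpm.log" pid=184479 comm="swtpm" requested_mask="ac" denied_mask="ac" fsuid=117 ouid=117
'''

# Rules proposed in the report: (path glob, permissions).
PROPOSED = [("/run/libvirt/qemu/swtpm/*", "rwk"),
            ("/var/log/swtpm/libvirt/qemu/*", "rwk")]

# Log mask letter -> profile permissions that grant it. Create (c) and
# delete (d) are part of write; append (a) is granted by either a or w.
GRANTED_BY = {"c": "w", "d": "w", "a": "aw"}

FIELD = re.compile(r'(\w+)="([^"]*)"')

def parse_denials(log):
    """Yield the key="value" fields of each AppArmor DENIED record."""
    for line in log.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("apparmor") == "DENIED":
            yield fields

def glob_to_regex(glob):
    """Simplified AppArmor globbing: ** crosses '/', * and ? do not."""
    out = ""
    for tok in re.split(r"(\*\*|\*|\?)", glob):
        out += {"**": ".*", "*": "[^/]*", "?": "[^/]"}.get(tok, re.escape(tok))
    return re.compile(out + r"\Z")

def covers(rule, denial):
    """True if the glob matches the path and every denied letter is granted."""
    glob, perms = rule
    if not glob_to_regex(glob).match(denial["name"]):
        return False
    return all(set(GRANTED_BY.get(m, m)) & set(perms) for m in denial["denied_mask"])

def audit(log, rules):
    """Return (path, denied_mask, first covering rule or None) per denial."""
    return [(d["name"], d["denied_mask"],
             next((r for r in rules if covers(r, d)), None))
            for d in parse_denials(log)]

if __name__ == "__main__":
    for path, mask, rule in audit(SAMPLE_LOG, PROPOSED):
        print(f"{mask:>3} {path} -> {rule or 'NOT COVERED'}")
```

Both logged denials are for create and append, which the w in the proposed rules grants; the logged masks do not show whether r and k are also exercised.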