Quoting Jamie Strandboge (ja...@ubuntu.com):
> We can create a child profile for pt_chown so only it would get
> cap_fowner. Can you try the following in
> /etc/apparmor.d/abstractions/libvirt-qemu:
>
>   owner @{PROC}/[0-9]*/fd/ r,
>   owner @{PROC}/[0-9]*/fd/3 r,
>   /usr/lib/pt_chown cix -> libvirt_pt_chown,
>
>   profile libvirt_pt_chown {
>     capability fowner,
>   }

I had rebooted (no choice, having to reboot frequently). This time,
even before adding this ruleset, I could start the hosts. So either
the recipe:

    /etc/init.d/apparmor restart
    restart libvirt-bin

does not suffice to clear out the rules, or this is a very funky random
bug that only happens sometimes.

I'll try to get some time dedicated to testing this this afternoon.

-- 
libvirt won't start a VM with serial or console when apparmor is enabled
https://bugs.launchpad.net/bugs/632696

-- 
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com