Ubuntu
apparmor package

libvirt cannot start dnsmasq when using apparmor profile

Bug #815883 reported by Jamie Strandboge
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
apparmor (Ubuntu)
Fix Released
Medium
Jamie Strandboge

Bug Description

After upgrading to Oneiric, I get the following dnsmasq denial when libvirt starts:
type=AVC msg=audit(1311512554.401:96): apparmor="DENIED" operation="mknod" parent=1689 profile="/usr/sbin/dnsmasq" name="/var/lib/libvirt/dnsmasq/default.leases" pid=10701 comm="dnsmasq" requested_mask="c" denied_mask="c" fsuid=0 ouid=0

The following rule fixes it:
  /var/lib/libvirt/dnsmasq/*.leases rw,

Jamie Strandboge (jdstrand)
Changed in apparmor (Ubuntu):
assignee: nobody → Jamie Strandboge (jdstrand)
importance: Undecided → Medium
status: New → In Progress
Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Patch submitted upstream for review.

Revision history for this message
Christian Boltz (cboltz) wrote :

For the records: the patch was accepted upstream. This bug is fixed in AppArmor 2.7 beta1.

(I don't know about the status in Ubuntu, therefore I don't change the bug status.)

Revision history for this message
Jamie Strandboge (jdstrand) wrote :

Thanks Christian. This was fixed in 2.7.0~beta1+bzr1774-1.

Changed in apparmor (Ubuntu):
status: In Progress → Fix Released
Revision history for this message
M$$Ger (mssg3r) wrote :

virsh net-start default

IPv6: ADDRCONF(NETDEV_UP): virbr0: link is not ready

type=1400 audit(1411912195.731:2159): apparmor="DENIED" operation="open" profile="/usr/sbin/dnsmasq" name="/var/lib/libvirt/dnsmasq/default.conf" pid=11512 comm="dnsmasq" requested_mask="r" denied_mask="r" fsuid=0 ouid=126

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.