DEBUG: trying to load module: /var/run/qemu/Debian_1_4.2-3ubuntu2~ppa4/block-curl.so
Failed to open module: /var/run/qemu/Debian_1_4.2-3ubuntu2~ppa4/block-curl.so: cannot open shared object file: Permission denied
Which is due to apparmove:
[302376.960953] audit: type=1400 audit(1583238035.059:439): apparmor="DENIED" operation="open" namespace="root//lxd-f_<var-snap-lxd-common-lxd>" profile="libvirt-2bef989e-6d28-45c8-b101-3959de1db2b3" name="/run/qemu/Debian_1_4.2-3ubuntu2~ppa4/block-curl.so" pid=6958 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
I'm on the brink of letting that blocked by default and people would
=> less comfortable, but effectively making the change not even a bit less secure until bigger deployments who care opt in (also this can be decided later on).
Adding a libvirt task for it ...
Now I hit an issue that I expected:
DEBUG: trying to load module: /var/run/ qemu/Debian_ 1_4.2-3ubuntu2~ ppa4/block- curl.so qemu/Debian_ 1_4.2-3ubuntu2~ ppa4/block- curl.so: cannot open shared object file: Permission denied
Failed to open module: /var/run/
Which is due to apparmove: 5.059:439) : apparmor="DENIED" operation="open" namespace= "root// lxd-f_< var-snap- lxd-common- lxd>" profile= "libvirt- 2bef989e- 6d28-45c8- b101-3959de1db2 b3" name="/ run/qemu/ Debian_ 1_4.2-3ubuntu2~ ppa4/block- curl.so" pid=6958 comm="qemu- system- x86" requested_mask="r" denied_mask="r" fsuid=64055 ouid=0
[302376.960953] audit: type=1400 audit(158323803
I'm on the brink of letting that blocked by default and people would
=> less comfortable, but effectively making the change not even a bit less secure until bigger deployments who care opt in (also this can be decided later on).
Adding a libvirt task for it ...