Hello, dnsmasq needs read access to more files in /var/lib/libvirt/dnsmasq/ (at least *.conf and *.addnhosts)
Since this directory contains only files that are intended for dnsmasq (also confirmed by Jim Fehlig, the SUSE libvirt maintainer), the best way is to just allow "/var/lib/libvirt/dnsmasq/* r," References: https://bugzilla.novell.com/show_bug.cgi?id=848215 I propose this patch for trunk and the 2.8 branch. === modified file 'profiles/apparmor.d/usr.sbin.dnsmasq' --- profiles/apparmor.d/usr.sbin.dnsmasq 2013-08-20 22:52:22 +++ profiles/apparmor.d/usr.sbin.dnsmasq 2013-10-30 19:33:18 @@ -43,10 +43,10 @@ @{TFTP_DIR}/ r, @{TFTP_DIR}/** r, - # libvirt lease and hosts files for dnsmasq + # libvirt config, lease and hosts files for dnsmasq /var/lib/libvirt/dnsmasq/ r, + /var/lib/libvirt/dnsmasq/* r, /var/lib/libvirt/dnsmasq/*.leases rw, - /var/lib/libvirt/dnsmasq/*.hostsfile r, # libvirt pid files for dnsmasq /{,var/}run/libvirt/network/ r, Regards, Christian Boltz -- Die Borg sind einfach eine Allegorie auf M$: gross, toll und voller endloser Featuritis - aber wenn es ernst wird, sterben sie an einer Schutzverletzung. [Andreas Pohlke in drsst] -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor