On Mon, Dec 19, 2016 at 12:35:51PM -0800, Seth Arnold wrote: > On Mon, Dec 19, 2016 at 12:17:55PM +0100, intrigeri wrote: > > Guido Günther: > > >> Well, info="Failed name lookup - disconnected path" does ring a bell. > > >> It might be that the libvirtd profile needs the attach_disconnected > > >> flag (there are plenty of examples that do in my /etc/apparmor.d). > > I don't know much about libvirt's containers support but the error > messages from the bug: > > … > + virsh lxc-enter-namespace --noseclabel sl /bin/ls /bin/ls > libvirt: error : Expected at least one file descriptor > error: internal error: Child process (2714) unexpected exit status 125 > … > > give me the impression that the error happens very early and very quickly. > The name="" from the audit logs gives me the impression that the profilesd > container was trying to find /. This doesn't feel like a recent change to > me. > > Are we sure that libvirt's containers support has had working AppArmor > support before?
Yes. At least since 1.3.5. -- Guido -- AppArmor mailing list AppArmor@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
