Hello,

there were some more profile changes done - first in openSUSE [1], but AFAIK they were already upstreamed.

I had a quick look at the log - most denials are fixed with the latest upstream profile, so I'd recommend to grab that one.

I noticed one denial that probably isn't covered by the upstream profile yet:

    apparmor="DENIED" operation="open" profile="libvirt-c6ae5f8d-e017-484d-9176-96b0e079c66d" name="/proc/726/cmdline" pid=6188 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=114 ouid=0

That translates to

    /@{PROC}/@{pids}/cmdline r,

and should probably go into abstractions/libvirt-qemu

Regards,

Christian Boltz

[1] https://bugzilla.opensuse.org/show_bug.cgi?id=1058847 and
    https://bugzilla.opensuse.org/show_bug.cgi?id=1060860
--
In asynchronously distributed environments you have to violate every single
rule from your database lecture. [Kris Köhntopp]
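The translation from a denial to a profile rule described in the message above, as an added example (not part of the original mail, and not AppArmor's or libvirt's own tooling). The function names are hypothetical; the sketch assumes file-access denials only, decodes an unquoted `name=` value as hex, and folds the audit mask letters `c` and `d` into `w`.

```python
import re

# Constructed input: the denial quoted in the message, joined onto one line.
SAMPLE = ('apparmor="DENIED" operation="open" '
          'profile="libvirt-c6ae5f8d-e017-484d-9176-96b0e079c66d" '
          'name="/proc/726/cmdline" pid=6188 comm="qemu-system-x86" '
          'requested_mask="r" denied_mask="r" fsuid=114 ouid=0')

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
FILE_PERMS = set("rwaxmlk")  # file permission letters this sketch accepts

def parse_denial(line):
    """Return the key=value fields of one AppArmor audit message as a dict."""
    fields = {}
    for key, raw in FIELD.findall(line):
        if raw.startswith('"'):
            fields[key] = raw[1:-1]
        elif key == "name" and re.fullmatch(r'(?:[0-9A-Fa-f]{2})+', raw):
            # Names with unsafe characters are logged unquoted, hex-encoded.
            fields[key] = bytes.fromhex(raw).decode("utf-8", "replace")
        else:
            fields[key] = raw
    return fields

def generalize_path(path):
    """Swap host-specific /proc components for the profile variables."""
    m = re.match(r'/proc/(\d+)(/.*)?$', path)
    if m:  # /proc/<pid>/... must not be pinned to one process id
        return '/@{PROC}/@{pids}' + (m.group(2) or '')
    if path.startswith('/proc/'):
        return '/@{PROC}/' + path[len('/proc/'):]
    return path

def denial_to_rule(line):
    """Build a file rule from a DENIED file-access message, else None."""
    f = parse_denial(line)
    if f.get("apparmor") != "DENIED" or "name" not in f:
        return None
    # Create (c) and delete (d) in the audit mask are granted by "w".
    mask = f.get("denied_mask", "")
    perms = "".join(dict.fromkeys("w" if c in "cd" else c for c in mask))
    if not perms or not set(perms) <= FILE_PERMS:
        return None  # unknown mask: leave it for a human to review
    path = generalize_path(f["name"])
    if re.search(r'\s', path):
        path = '"%s"' % path  # paths with whitespace must be quoted
    return "%s %s," % (path, perms)

if __name__ == "__main__":
    print(denial_to_rule(SAMPLE))
```

A generated rule is a suggestion to review before it goes into an abstraction shared by every libvirt-managed guest.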

