Hello, there were some more profile changes done - first in openSUSE [1], but AFAIK they were already upstreamed.
I had a quick look at the log - most denials are fixed with the latest upstream profile, so I'd recommend to grab that one. I noticed one denial that probably isn't covered by the upstream profile yet: apparmor="DENIED" operation="open" profile="libvirt-c6ae5f8d- e017-484d-9176-96b0e079c66d" name="/proc/726/cmdline" pid=6188 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=114 ouid=0 That translates to /@{PROC}/@{pids}/cmdline r, and should probably go into abstractions/libvirt-qemu Regards, Christian Boltz [1] https://bugzilla.opensuse.org/show_bug.cgi?id=1058847 and https://bugzilla.opensuse.org/show_bug.cgi?id=1060860 -- In asynchron-verteilten Umgebungen mußt Du gegen jede einzelne Regel Deiner Datenbankvorlesung verstoßen. [Kris Köhntopp]
signature.asc
Description: This is a digitally signed message part.