[Bug 930266] Re: Add samba4 ntp signing socket to ntpd apparmor profile
Had that exact same problem on Ubuntu 15.10. The File /etc/apparmor.d/usr.sbin.ntpd contains the following line: # samba4 ntp signing socket /{,var/}run/samba/ntp_signd/socket rw, But the line should be /var/lib/samba/ntp_signd/socket rw, -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ntp in Ubuntu. https://bugs.launchpad.net/bugs/930266 Title: Add samba4 ntp signing socket to ntpd apparmor profile To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ntp/+bug/930266/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1004606] Re: virsh create-snapshot fails to create external snapshot (blockdev-snapshot-sync fails in json monitor)
In the /etc/apparmor.d/local/usr.sbin.libvirtd file I just created one rule to give libvirtd read'n'write access to the images in my storage pool with the following line: "/var/lib/libvirt/images/*.img" rw, As preliminary: I have created my own naming convention for my overlays, these are used for incremental backups to another server. This convention can be found in my abstractation and has to be adjusted to your own needs. First of all I've created my own abstraction as /etc/apparmor.d/local /abstraction-libvirt-storage. This file gives the clients access to the important images like that: "/var/lib/libvirt/images/*.base.img"rw, "/var/lib/libvirt/images/*.base.img"rw, "/var/lib/libvirt/images/*.stable_overlay.img" rw, "/var/lib/libvirt/images/*.running.img" rw, The /etc/apparmor.d/libvirt/TEMPLATE file is a source for all rule files in /etc/apparmor.d/libvirt/. There you need to source the abstraction- libvirt-storage so the TEMPLATE looks similar to this one (adjust to your own needs): profile LIBVIRT_TEMPLATE { #include #include } It is also possible to put the information of the abstraction-libvirt- storage file directly into the TEMPLATE but a change on some of the rules would require to edit multiple files ( /etc/apparmor.d/libvirt/*) I hope this will help. This adjustments should be fine for safety requirement, because the host should still be secured against guests and thats the only thing you can do with libvirt+apparmor. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1004606 Title: virsh create-snapshot fails to create external snapshot (blockdev- snapshot-sync fails in json monitor) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1004606/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1004606] Re: virsh create-snapshot fails to create external snapshot (blockdev-snapshot-sync fails in json monitor)
I found a that looks better than deactivating apparmor. I found here ( http://libvirt.org/drvqemu.html#securitysvirtaa ) the information that Apparmor is „just“ used for protecting the vm host and that there is a TEMPLATE under /etc/apparmor.d/libvirt/ that can be modified. In that TEMPLATE I included one of my own rules and under /etc/apparmor.d/local/usr.sbin.libvirtd i added a similar rule. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1004606 Title: virsh create-snapshot fails to create external snapshot (blockdev- snapshot-sync fails in json monitor) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1004606/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1004606] Re: virsh create-snapshot fails to create external snapshot (blockdev-snapshot-sync fails in json monitor)
Is there any bugfix in sight or work around known except for disabling apparmor? -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to qemu-kvm in Ubuntu. https://bugs.launchpad.net/bugs/1004606 Title: virsh create-snapshot fails to create external snapshot (blockdev- snapshot-sync fails in json monitor) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1004606/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs