Package: libvirt-daemon-system
Version: 3.6.0-1
Severity: normal

Hi,

the virt-aa-helper apparmor profile shipped with libvirt-daemon-system prevents gnome-boxes from accessing .local, and so from booting new VMs created from an ISO or imported.

type=AVC msg=audit(1505371989.794:47034): apparmor="DENIED" operation="open" profile="virt-aa-helper" name="/home/nodens/.local/share/gnome-boxes/images/boxes-unknown" pid=13982 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000

I guess the profile should be updated to allow gnome-boxes to access its own .local directory. However, I'm not sure about the best way to do it: allowing access to .local/share/gnome-boxes when virt-aa-helper isn't launched by boxes seems wrong.

Cheers,
nodens

-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 4.11.0-2-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8), LANGUAGE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages libvirt-daemon-system depends on:
ii  adduser              3.115
ii  debconf              1.5.63
ii  gettext-base         0.19.8.1-2+b1
ii  init-system-helpers  1.49
ii  iptables             1.6.1-2
ii  libapparmor1         2.11.0-10
ii  libaudit1            1:2.7.7-1+b2
ii  libblkid1            2.29.2-2
ii  libc6                2.24-14
ii  libcap-ng0           0.7.7-3+b1
ii  libdbus-1-3          1.11.16+really1.10.22-1
ii  libdevmapper1.02.1   2:1.02.137-2+b1
ii  libnl-3-200          3.2.27-2
ii  libnl-route-3-200    3.2.27-2
ii  libnuma1             2.0.11-2.1
ii  libselinux1          2.6-3+b2
ii  libvirt-clients      3.6.0-1
ii  libvirt-daemon       3.6.0-1
ii  libvirt0             3.6.0-1
ii  libxml2              2.9.4+dfsg1-3
ii  libyajl2             2.1.0-2+b3
ii  logrotate            3.11.0-0.1
ii  lsb-base             9.20161125
ii  policykit-1          0.105-18

Versions of packages libvirt-daemon-system recommends:
ii  bridge-utils  1.5-14
ii  dmidecode     3.1-1
ii  dnsmasq-base  2.77-2
ii  ebtables      2.0.10.4-3.5+b1
ii  iproute2      4.9.0-1
ii  parted        3.2-17

Versions of packages libvirt-daemon-system suggests:
ii  apparmor    2.11.0-10
ii  auditd      1:2.7.7-1+b2
ii  nfs-common  1:1.3.4-2.1+b1
ii  pm-utils    1.4.1-17
pn  radvd       <none>
ii  systemd     234-2
pn  systemtap   <none>
pn  zfsutils    <none>

-- Configuration Files:
/etc/libvirt/nwfilter/allow-arp.xml [Errno 13] Permission non accordée: '/etc/libvirt/nwfilter/allow-arp.xml'
/etc/libvirt/nwfilter/allow-dhcp-server.xml [Errno 13] Permission non accordée: '/etc/libvirt/nwfilter/allow-dhcp-server.xml'
/etc/libvirt/nwfilter/allow-dhcp.xml [Errno 13] Permission non accordée: '/etc/libvirt/nwfilter/allow-dhcp.xml'
/etc/libvirt/nwfilter/allow-incoming-ipv4.xml [Errno 13] Permission non accordée: '/etc/libvirt/nwfilter/allow-incoming-ipv4.xml'
/etc/libvirt/nwfilter/allow-ipv4.xml [Errno 13] Permission non accordée: '/etc/libvirt/nwfilter/allow-ipv4.xml'
/etc/libvirt/nwfilter/clean-traffic.xml [Errno 13] Permission non accordée: '/etc/libvirt/nwfilter/clean-traffic.xml'
/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml [Errno 13] Permission non accordée: '/etc/libvirt/nwfilter/no-arp-ip-spoofing.xml'
/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml [Errno 13] Permission non accordée: '/etc/libvirt/nwfilter/no-arp-mac-spoofing.xml'
/etc/libvirt/nwfilter/no-arp-spoofing.xml [Errno 13] Permission non accordée: '/etc/libvirt/nwfilter/no-arp-spoofing.xml'
/etc/libvirt/nwfilter/no-ip-multicast.xml [Errno 13] Permission non accordée: '/etc/libvirt/nwfilter/no-ip-multicast.xml'
/etc/libvirt/nwfilter/no-ip-spoofing.xml [Errno 13] Permission non accordée: '/etc/libvirt/nwfilter/no-ip-spoofing.xml'
/etc/libvirt/nwfilter/no-mac-broadcast.xml [Errno 13] Permission non accordée: '/etc/libvirt/nwfilter/no-mac-broadcast.xml'
/etc/libvirt/nwfilter/no-mac-spoofing.xml [Errno 13] Permission non accordée: '/etc/libvirt/nwfilter/no-mac-spoofing.xml'
/etc/libvirt/nwfilter/no-other-l2-traffic.xml [Errno 13] Permission non accordée: '/etc/libvirt/nwfilter/no-other-l2-traffic.xml'
/etc/libvirt/nwfilter/no-other-rarp-traffic.xml [Errno 13] Permission non accordée: '/etc/libvirt/nwfilter/no-other-rarp-traffic.xml'
/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml [Errno 13] Permission non accordée: '/etc/libvirt/nwfilter/qemu-announce-self-rarp.xml'
/etc/libvirt/nwfilter/qemu-announce-self.xml [Errno 13] Permission non accordée: '/etc/libvirt/nwfilter/qemu-announce-self.xml'
/etc/libvirt/qemu.conf [Errno 13] Permission non accordée: '/etc/libvirt/qemu.conf'
/etc/libvirt/qemu/networks/default.xml [Errno 13] Permission non accordée: '/etc/libvirt/qemu/networks/default.xml'

-- debconf information:
  libvirt-daemon-system/id_warning: true
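
For triaging denials like the one in this report, the following added example (not part of the original report and not libvirt or AppArmor code) parses the audit record and derives a candidate read rule for review. The function names are hypothetical, and the generated rule is a starting point for review rather than the fix adopted by the package: a rule placed in the virt-aa-helper profile applies whichever application started the helper.

```python
import os.path
import re

# The denial quoted in the report above, copied verbatim.
REPORT_LINE = (
    'type=AVC msg=audit(1505371989.794:47034): apparmor="DENIED" '
    'operation="open" profile="virt-aa-helper" '
    'name="/home/nodens/.local/share/gnome-boxes/images/boxes-unknown" '
    'pid=13982 comm="virt-aa-helper" requested_mask="r" denied_mask="r" '
    'fsuid=1000 ouid=1000'
)

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')
# Fields the audit subsystem writes unquoted and hex-encoded when the
# value contains spaces or other special characters.
HEX_FIELDS = {"name", "comm", "profile"}


def parse_denial(line):
    """Return the key=value fields of an AppArmor audit record as a dict."""
    fields = {}
    for key, quoted, bare in FIELD.findall(line):
        if bare and key in HEX_FIELDS and HEX.fullmatch(bare):
            fields[key] = bytes.fromhex(bare).decode("utf-8", "replace")
        else:
            fields[key] = quoted or bare
    return fields


def candidate_rule(fields):
    """Build a rule for human review; None unless this is a file denial."""
    if fields.get("apparmor") != "DENIED" or "name" not in fields:
        return None
    # Cover the parent directory, not just the one file that was denied.
    path = os.path.dirname(fields["name"]) + "/*"
    # Replace the reporter's home with the @{HOME} tunable.
    path = re.sub(r'^/home/[^/]+/', '@{HOME}/', path)
    # "owner" restricts the rule to files owned by the accessing user.
    same_user = "fsuid" in fields and fields["fsuid"] == fields.get("ouid")
    owner = "owner " if same_user else ""
    return f"{owner}{path} {fields.get('denied_mask', 'r')},"


if __name__ == "__main__":
    print(candidate_rule(parse_denial(REPORT_LINE)))
```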