Control: tag -1 patch -unreproducible
Michael Biebl [2017-10-23 18:22 +0200]:
> This is what I get when I *shut down* a VM in virt-manager:
> $ journalctl -f | grep DENIED
> Okt 23 18:20:31 pluto audit[8603]: AVC apparmor="DENIED"
> operation="open"
control: severity -1 minor
control: retitle -1 apparmor logs /proc//cmdline denials on vm shutdown
Hi,
On Mon, Oct 23, 2017 at 06:41:04PM +0200, Michael Biebl wrote:
> Am 23.10.2017 um 18:28 schrieb Guido Günther:
> > Hi,
> > On Mon, Oct 23, 2017 at 06:22:10PM +0200, Michael Biebl wrote:
> >> Am
Hello,
Am Montag, 23. Oktober 2017, 09:14:52 CEST schrieb intrigeri:
>> 2017-10-11T14:43:54.683220+02:00 pluto kernel: [ 355.112941] audit:
> > type=1400 audit(1507725834.681:55): apparmor="DENIED"
> > operation="open"
> > profile="libvirt-4e5a8920-a2a1-4c6b-b7f1-528c20878cdd"
> >
Am 23.10.2017 um 18:28 schrieb Guido Günther:
> Hi,
> On Mon, Oct 23, 2017 at 06:22:10PM +0200, Michael Biebl wrote:
>> Am 23.10.2017 um 17:49 schrieb Guido Günther:
>> This is what I get when I *shut down* a VM in virt-manager:
>> $ journalctl -f | grep DENIED
>> Okt 23 18:20:31 pluto
Hi,
On Mon, Oct 23, 2017 at 06:22:10PM +0200, Michael Biebl wrote:
> Am 23.10.2017 um 17:49 schrieb Guido Günther:
>
> > I can't reproduce this here with 4.13.0-1-amd64 and
> > libvirt-daemon-system 3.8.0-3.
> > -- Guido
> >
> linux-image-4.13.0-1-amd64 4.13.4-2
> libvirt-daemon-system 3.8.0-3
Am 23.10.2017 um 17:49 schrieb Guido Günther:
> I can't reproduce this here with 4.13.0-1-amd64 and
> libvirt-daemon-system 3.8.0-3.
> -- Guido
>
linux-image-4.13.0-1-amd64 4.13.4-2
libvirt-daemon-system 3.8.0-3
This is what I get when I *shut down* a VM in virt-manager:
$ journalctl -f | grep
Hi,
On Wed, Oct 11, 2017 at 02:10:01AM +0200, Michael Biebl wrote:
> Package: apparmor
> Version: 2.11.0-11
> Severity: serious
>
> After the kernel upgrade from 4.12 to 4.13 my KVM/libvirt instances
> failed to start:
> Okt 10 19:24:44 pluto libvirtd[673]: 2017-10-10 17:24:44.404+: 797:
Control: reassign -1 libvirt-daemon-system
Control: retitle -1 AppArmor blocks QEMU guests access to /proc/*/cmdline
Control: found -1 3.8.0-3
Control: severity -1 normal
Control: tag -1 + upstream
Hi Michael, Guido & others,
first of all, thanks a lot for trying AppArmor and reporting bugs,
Am 11.10.2017 um 13:06 schrieb Christian Boltz:
> I noticed one denial that probably isn't covered by the upstream profile
> yet:
>
> apparmor="DENIED" operation="open" profile="libvirt-c6ae5f8d-
> e017-484d-9176-96b0e079c66d" name="/proc/726/cmdline" pid=6188
> comm="qemu-system-x86"
Hello,
there were some more profile changes done - first in openSUSE [1], but
AFAIK they were already upstreamed.
I had a quick look at the log - most denials are fixed with the latest
upstream profile, so I'd recommend to grab that one.
I noticed one denial that probably isn't covered by the
Am 11.10.2017 um 04:35 schrieb Seth Arnold:
> Hello Michael, do you still have the DENIED lines from your kernel logs
> when experiencing this problem? If so please share them here.
>
> Thanks
>
attached is the output of "grep audit /var/log/kern.log"
--
Why is it that all of the instruments
Hello Michael, do you still have the DENIED lines from your kernel logs
when experiencing this problem? If so please share them here.
Thanks
signature.asc
Description: PGP signature
Package: apparmor
Version: 2.11.0-11
Severity: serious
After the kernel upgrade from 4.12 to 4.13 my KVM/libvirt instances
failed to start:
Okt 10 19:24:44 pluto libvirtd[673]: 2017-10-10 17:24:44.404+: 797: error :
virProcessRunInMountNamespace:1159 : internal error: child reported: Kernel
13 matches
Mail list logo