Public bug reported: When I tried to create a file or directory in a 9pfs mount in the guest host, I was denied in AppArmor. This is the error message:
May 28 12:26:10 sleungmini kernel: [54257.224886] type=1400 audit(1401305170.938:390): apparmor="DENIED" operation="capable" profile ="libvirt-865a1f4b-f7ab-428f-aa56-f30631565191" pid=28533 comm="pool" capability=3 capname="fowner" Upon adding "capability fowner," to /etc/apparmor.d/abstractions /libvirt-qemu, I was able to create files, however still got this in /var/log/syslog: May 28 12:29:03 sleungmini kernel: [54429.795090] type=1400 audit(1401305343.314:415): apparmor="DENIED" operation="capable" profile ="libvirt-865a1f4b-f7ab-428f-aa56-f30631565191" pid=29097 comm="pool" capability=4 capname="fsetid" So I added "capability fsetid," to /etc/apparmor.d/abstractions/libvirt- qemu as well. I believe the correct fix is in my included patch. I've looked through bug #1285995 and see that I have a version that includes that fix/patch. I've also verified that I no longer get the same DENIED message. I believe this is a different bug. I'm currently running: $ lsb_release -rd Description: Ubuntu 14.04 LTS Release: 14.04 This is my version of libvirt-bin: apt-cache policy libvirt-bin libvirt-bin: Installed: 1.2.2-0ubuntu13.1 Candidate: 1.2.2-0ubuntu13.1 Version table: *** 1.2.2-0ubuntu13.1 0 500 http://us.archive.ubuntu.com/ubuntu/ trusty-updates/main amd64 Packages 100 /var/lib/dpkg/status 1.2.2-0ubuntu13 0 500 http://us.archive.ubuntu.com/ubuntu/ trusty/main amd64 Packages Let me know if you have any requests for additional information, questions or suggestions. This is my first time submitting a bug report and patch for Ubuntu so I'm not familiar with the conventions here. Thanks! ** Affects: libvirt (Ubuntu) Importance: Undecided Status: New ** Tags: patch ** Patch added: "libvirt-qemu-aa-allow-capability-fowner-fsetid.patch" https://bugs.launchpad.net/bugs/1324251/+attachment/4121640/+files/libvirt-qemu-aa-allow-capability-fowner-fsetid.patch -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/1324251 Title: AppArmor denies guest from create/modify 9pfs files To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1324251/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs