This recently came up on the libvirt mailing list: https://www.redhat.com/archives/libvir-list/2010-September/msg00406.html
It appears that libvirt is aa_change_profile()ing before the DAC security driver can do its business. It seems that the ordering of the stacked security driver is wrong and that DAC driver should (always) go first, then the MAC (eg AppApparmor/SELinux) should come after. Before we push something to Lucid, I'd like to see upstream consensus on the fix (especially since we may want to change Maverick). -- setgid, setuid needed by /etc/apparmor.d/abstractions/libvirt-qemu https://bugs.launchpad.net/bugs/579584 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs