[Bug 1342083] Re: "Failed to create chardev" due to apparmor DENIED execute of "/usr/lib/pt_chown"

Wed, 24 Feb 2016 11:07:41 -0800 

Lubuntu 15.10 64bit, Lenovo t450s:

I too see this issue.  I have this fix in /etc/apparmor.d/abstractions
/libvirt-qemu:

    # allow serial console backed by pts chardev (LP: #1342083)
    /usr/lib/pt_chown ix,
    owner @{PROC}/0-9*/fd/ r,

but still see an apparmor issue in /var/log/kern.log.  But it does seem
intermittent.  If I reboot this system, it'll probably work again.


kern.log:

Feb 24 10:31:39 rexs-t450s kernel: [68855.173512] audit: type=1400 
audit(1456338699.233:57): apparmor="STATUS" operation="profile_load" 
profile="unconfined" name="libvirt-5f4214d2-91d5-49ac-be10-dc1efa2ea391" 
pid=1541 comm="apparmor_parser"
Feb 24 10:31:39 rexs-t450s kernel: [68855.173717] audit: type=1400 
audit(1456338699.233:58): apparmor="STATUS" operation="profile_load" 
profile="unconfined" name="qemu_bridge_helper" pid=1541 comm="apparmor_parser"
Feb 24 10:31:39 rexs-t450s kernel: [68855.218794] device vnet0 entered 
promiscuous mode
Feb 24 10:31:39 rexs-t450s kernel: [68855.234823] virbr1: port 2(vnet0) entered 
listening state
Feb 24 10:31:39 rexs-t450s kernel: [68855.234830] virbr1: port 2(vnet0) entered 
listening state
Feb 24 10:31:39 rexs-t450s kernel: [68855.444422] audit: type=1400 
audit(1456338699.505:59): apparmor="STATUS" operation="profile_replace" 
profile="unconfined" name="libvirt-5f4214d2-91d5-49ac-be10-dc1efa2ea391" 
pid=1625 comm="apparmor_parser"
Feb 24 10:31:39 rexs-t450s kernel: [68855.454929] audit: type=1400 
audit(1456338699.517:60): apparmor="STATUS" operation="profile_replace" 
profile="unconfined" name="qemu_bridge_helper" pid=1625 comm="apparmor_parser"
Feb 24 10:31:39 rexs-t450s kernel: [68855.494790] device vnet1 entered 
promiscuous mode
Feb 24 10:31:39 rexs-t450s kernel: [68855.510824] virbr2: port 2(vnet1) entered 
listening state
Feb 24 10:31:39 rexs-t450s kernel: [68855.510837] virbr2: port 2(vnet1) entered 
listening state
Feb 24 10:31:39 rexs-t450s kernel: [68855.658917] audit: type=1400 
audit(1456338699.721:61): apparmor="STATUS" operation="profile_replace" 
profile="unconfined" name="libvirt-5f4214d2-91d5-49ac-be10-dc1efa2ea391" 
pid=1696 comm="apparmor_parser"
Feb 24 10:31:39 rexs-t450s kernel: [68855.667013] audit: type=1400 
audit(1456338699.729:62): apparmor="STATUS" operation="profile_replace" 
profile="unconfined" name="qemu_bridge_helper" pid=1696 comm="apparmor_parser"
Feb 24 10:31:39 rexs-t450s kernel: [68855.732437] audit: type=1400 
audit(1456338699.793:63): apparmor="DENIED" operation="open" 
profile="libvirt-5f4214d2-91d5-49ac-be10-dc1efa2ea391" name="/proc/1701/fd/" 
pid=1701 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=112 
ouid=112
Feb 24 10:31:39 rexs-t450s kernel: [68855.733164] audit: type=1400 
audit(1456338699.793:64): apparmor="DENIED" operation="capable" 
profile="libvirt-5f4214d2-91d5-49ac-be10-dc1efa2ea391" pid=1701 comm="pt_chown" 
capability=3  capname="fowner"
Feb 24 10:31:39 rexs-t450s kernel: [68855.738959] virbr2: port 2(vnet1) entered 
disabled state
Feb 24 10:31:39 rexs-t450s kernel: [68855.740443] device vnet1 left promiscuous 
mode
Feb 24 10:31:39 rexs-t450s kernel: [68855.740446] virbr2: port 2(vnet1) entered 
disabled state
Feb 24 10:31:39 rexs-t450s kernel: [68855.775011] virbr1: port 2(vnet0) entered 
disabled state
Feb 24 10:31:39 rexs-t450s kernel: [68855.776808] device vnet0 left promiscuous 
mode
Feb 24 10:31:39 rexs-t450s kernel: [68855.776812] virbr1: port 2(vnet0) entered 
disabled state
Feb 24 10:31:39 rexs-t450s libvirtd[731]: failed to connect to monitor socket: 
No such process
Feb 24 10:31:40 rexs-t450s kernel: [68856.019796] audit: type=1400 
audit(1456338700.081:65): apparmor="STATUS" operation="profile_remove" 
profile="unconfined" name="libvirt-5f4214d2-91d5-49ac-be10-dc1efa2ea391" 
pid=1814 comm="apparmor_parser"


** Attachment added: "libvirt-qemu"
   
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1342083/+attachment/4580222/+files/libvirt-qemu

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1342083

Title:
  "Failed to create chardev" due to apparmor DENIED execute of
  "/usr/lib/pt_chown"

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1342083/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs

Reply via email to