[libvirt] [PATCH] apparmor: pass attach_disconnected
to cure + virsh lxc-enter-namespace --noseclabel <container> <cmd> libvirt: error : Expected at least one file descriptor error: internal error: Child process (2714) unexpected exit status 125 caused by apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/libvirtd" name="" pid=1422 comm="libvirtd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 --- Thanks to intrigeri for the suggestion! examples/apparmor/usr.sbin.libvirtd | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd index 48651b28f..b7e47f5c3 100644 --- a/examples/apparmor/usr.sbin.libvirtd +++ b/examples/apparmor/usr.sbin.libvirtd @@ -2,7 +2,7 @@ #include <tunables/global> @{LIBVIRT}="libvirt" -/usr/sbin/libvirtd { +/usr/sbin/libvirtd flags=(attach_disconnected) { #include <abstractions/base> #include <abstractions/dbus> -- 2.11.0
Hi, Guido Günther:
to cure
+ virsh lxc-enter-namespace --noseclabel <container> <cmd> libvirt: error : Expected at least one file descriptor error: internal error: Child process (2714) unexpected exit status 125
caused by
apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/libvirtd" name="" pid=1422 comm="libvirtd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 --- Thanks to intrigeri for the suggestion!
Tested for my use cases, doesn't break anything, so FWIW: Acked-by: intrigeri <intrigeri@debian.org>
Ha intrigeri beat me by 3 minutes with feedback :-) Tested it as well over lunch time, working for me too now: That said: Acked-by Christian Ehrhardt <christian.ehrhardt@canonical.com> On Mon, Dec 19, 2016 at 2:35 PM, intrigeri <intrigeri+libvirt@boum.org> wrote:
Hi,
Guido Günther:
to cure
+ virsh lxc-enter-namespace --noseclabel <container> <cmd> libvirt: error : Expected at least one file descriptor error: internal error: Child process (2714) unexpected exit status 125
caused by
apparmor="DENIED" operation="open" info="Failed name lookup - disconnected path" error=-13 profile="/usr/sbin/libvirtd" name="" pid=1422 comm="libvirtd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0 --- Thanks to intrigeri for the suggestion!
Tested for my use cases, doesn't break anything, so FWIW:
Acked-by: intrigeri <intrigeri@debian.org>
-- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
-- Christian Ehrhardt Software Engineer, Ubuntu Server Canonical Ltd
Hi intrigeri, Hi Christian, thanks for testing! On Mon, Dec 19, 2016 at 02:38:57PM +0100, Christian Ehrhardt wrote:
Ha intrigeri beat me by 3 minutes with feedback :-) Tested it as well over lunch time, working for me too now: That said: Acked-by Christian Ehrhardt <christian.ehrhardt@canonical.com>
Pushed now. -- Guido
participants (3)
-
Christian Ehrhardt -
Guido Günther -
intrigeri