[Bug 1968586] Re: apparmor rules block socket and log creation
Christian Ehrhardt
1968586 at bugs.launchpad.net
Tue Apr 12 16:22:46 UTC 2022
*** This bug is a duplicate of bug 1968187 ***
https://bugs.launchpad.net/bugs/1968187
Hi, I think we discovered that issue twice.
Marked as a dup as we are further in the other case.
** This bug has been marked a duplicate of bug 1968187
   apparmor denial when using swtpm
--
https://bugs.launchpad.net/bugs/1968586
Title:
  apparmor rules block socket and log creation

Status in swtpm package in Ubuntu:
  New
Bug description:
While testing using openstack, guests failed to launch and these
denied messages were logged:
    [ 8307.089627] audit: type=1400 audit(1649684291.592:109): apparmor="DENIED" operation="mknod" profile="swtpm" name="/run/libvirt/qemu/swtpm/11-instance-0000000b-swtpm.sock" pid=141283 comm="swtpm" requested_mask="c" denied_mask="c" fsuid=117 ouid=117

    [10363.999211] audit: type=1400 audit(1649686348.455:115): apparmor="DENIED" operation="open" profile="swtpm" name="/var/log/swtpm/libvirt/qemu/instance-0000000e-swtpm.log" pid=184479 comm="swtpm" requested_mask="ac" denied_mask="ac" fsuid=117 ouid=117
Adding

    /run/libvirt/qemu/swtpm/* rwk,
    /var/log/swtpm/libvirt/qemu/* rwk,

to /etc/apparmor.d/usr.bin.swtpm and reloading the profile seems to fix the issue.
(Note: This is very similar to existing Bug #1968335)
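Added example (not part of the bug report, and not swtpm or AppArmor project code): a Python triage script that parses the two denial records from the description, maps each `denied_mask` to the rule permission it calls for, and compares that with the two rules the reporter added. The function names are hypothetical and the glob matching is a simplified assumption (`*` stays inside one path component, `**` does not).

```python
import re

# The two denial records from the bug description, each joined onto one line.
AUDIT_LINES = [
    '[ 8307.089627] audit: type=1400 audit(1649684291.592:109): apparmor="DENIED" operation="mknod" profile="swtpm" name="/run/libvirt/qemu/swtpm/11-instance-0000000b-swtpm.sock" pid=141283 comm="swtpm" requested_mask="c" denied_mask="c" fsuid=117 ouid=117',
    '[10363.999211] audit: type=1400 audit(1649686348.455:115): apparmor="DENIED" operation="open" profile="swtpm" name="/var/log/swtpm/libvirt/qemu/instance-0000000e-swtpm.log" pid=184479 comm="swtpm" requested_mask="ac" denied_mask="ac" fsuid=117 ouid=117',
]
# The rules the reporter added to /etc/apparmor.d/usr.bin.swtpm: (glob, perms).
ADDED_RULES = [("/run/libvirt/qemu/swtpm/*", "rwk"),
               ("/var/log/swtpm/libvirt/qemu/*", "rwk")]
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_denial(line):
    """Return the key=value fields of an AppArmor DENIED record, else None."""
    fields = {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}
    return fields if fields.get("apparmor") == "DENIED" else None

def needed_perms(denied_mask):
    """Map log mask letters to rule permissions: the log's create (c) and
    delete (d) are granted by 'w' in a profile, and 'w' already implies 'a'."""
    perms = {"w" if ch in "cd" else ch for ch in denied_mask}
    if "w" in perms:
        perms.discard("a")
    return "".join(sorted(perms))

def glob_to_regex(glob):
    """Simplified AppArmor globbing: '**' crosses '/', a single '*' does not."""
    parts = re.split(r"(\*\*|\*)", glob)
    return re.compile("".join(
        ".*" if p == "**" else "[^/]*" if p == "*" else re.escape(p) for p in parts) + r"\Z")

def triage(lines, rules):
    """Per denial: (path, perms the log shows, perms a covering rule grants
    beyond that). The last item is None when no rule covers the denial."""
    report = []
    for line in lines:
        d = parse_denial(line)
        if d is None:
            continue
        need, beyond = needed_perms(d["denied_mask"]), None
        for glob, granted in rules:
            if glob_to_regex(glob).match(d["name"]) and set(need) <= set(granted):
                beyond = "".join(sorted(set(granted) - set(need)))
        report.append((d["name"], need, beyond))
    return report

if __name__ == "__main__":
    # A denial only records the operation that failed, so 'beyond' is a prompt
    # to review each extra permission, not proof that it is unnecessary.
    for path, need, beyond in triage(AUDIT_LINES, ADDED_RULES):
        print(f"{path}: log shows '{need}', rule grants beyond that: {beyond!r}")
```

Both denials come out as needing only `w`, while the added rules also grant `r` and `k` to every file directly under the two directories.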