roddhjav / apparmor.d

Full set of AppArmor profiles (~ 1500 profiles)
https://apparmor.pujol.io
GNU General Public License v2.0

The libvirtd profile is causing errors. #158

Closed mastezont closed 1 year ago

mastezont commented 1 year ago

Hello!

Linux Mint 20.1 and libvirt 8.0.0-1ubuntu7.4. I turned on the libvirt profile to enforce mode and errors immediately showed up.

DENIED  libvirtd sendmsg /run/systemd/notify comm=libvirtd requested_mask=w denied_mask=w
DENIED  libvirtd open /proc/248515/net/ip6_tables_names comm=ip6tables requested_mask=r denied_mask=r
DENIED  libvirtd open /proc/248517/net/ip6_tables_names comm=ip6tables requested_mask=r denied_mask=r
DENIED  libvirtd open /proc/248518/net/ip6_tables_names comm=ip6tables requested_mask=r denied_mask=r
DENIED  libvirtd open /home/lapa/Загрузки/ comm=daemon-init requested_mask=r denied_mask=r
DENIED  libvirtd open /mnt/vfs_share/ comm=daemon-init requested_mask=r denied_mask=r
DENIED  libvirtd open /home/ comm=daemon-init requested_mask=r denied_mask=r
DENIED  libvirtd open /run/udev/data/c21:6 comm=nodedev-init requested_mask=r denied_mask=r
DENIED  libvirtd open /run/udev/data/c21:4 comm=nodedev-init requested_mask=r denied_mask=r
DENIED  libvirtd open /run/udev/data/c21:2 comm=nodedev-init requested_mask=r denied_mask=r
DENIED  libvirtd open /run/udev/data/c21:0 comm=nodedev-init requested_mask=r denied_mask=r
DENIED  libvirtd open /run/udev/data/c21:5 comm=nodedev-init requested_mask=r denied_mask=r
DENIED  libvirtd open /run/udev/data/c21:3 comm=nodedev-init requested_mask=r denied_mask=r
DENIED  libvirtd open /run/udev/data/c21:1 comm=nodedev-init requested_mask=r denied_mask=r
DENIED  libvirtd open /run/udev/data/c99:0 comm=nodedev-init requested_mask=r denied_mask=r
DENIED  libvirtd open /run/udev/data/c6:0 comm=nodedev-init requested_mask=r denied_mask=r
DENIED  libvirtd open /run/udev/data/c108:0 comm=nodedev-init requested_mask=r denied_mask=r
DENIED  libvirtd open /usr/share/misc/pci.ids comm=nodedev-init requested_mask=r denied_mask=r

vbauerster commented 1 year ago

With version 0.1238-1, I have the following complaints:

ALLOWED libvirtd open /sys/kernel/debug/kvm/ comm=rpc-libvirtd requested_mask=r denied_mask=r class=file
ALLOWED libvirtd open /sys/kernel/debug/kvm/2902957-15/halt_poll_success_ns comm=rpc-libvirtd requested_mask=r denied_mask=r class=file
ALLOWED libvirtd open /sys/kernel/debug/kvm/2902957-15/halt_poll_fail_ns comm=rpc-libvirtd requested_mask=r denied_mask=r class=file

roddhjav commented 1 year ago

Thanks. Fixed.
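
Added example, not part of the original thread or of the apparmor.d project: a Python triage pass over log lines in the format quoted above, collapsing per-PID and per-device paths so repeated denials reduce to a few candidate file rules for review. The function names and the generalization patterns are assumptions of this example, and the output is not the fix that was committed.

```python
import re
from collections import Counter

# Constructed sample: a subset of the lines quoted in this issue.
SAMPLE = """\
DENIED  libvirtd sendmsg /run/systemd/notify comm=libvirtd requested_mask=w denied_mask=w
DENIED  libvirtd open /proc/248515/net/ip6_tables_names comm=ip6tables requested_mask=r denied_mask=r
DENIED  libvirtd open /proc/248517/net/ip6_tables_names comm=ip6tables requested_mask=r denied_mask=r
DENIED  libvirtd open /run/udev/data/c21:6 comm=nodedev-init requested_mask=r denied_mask=r
DENIED  libvirtd open /run/udev/data/c99:0 comm=nodedev-init requested_mask=r denied_mask=r
DENIED  libvirtd open /home/ comm=daemon-init requested_mask=r denied_mask=r
ALLOWED libvirtd open /sys/kernel/debug/kvm/2902957-15/halt_poll_fail_ns comm=rpc-libvirtd requested_mask=r denied_mask=r class=file
"""

# verdict, profile, operation, path, comm, then the remaining key=value fields
LINE = re.compile(r"^(DENIED|ALLOWED)\s+(\S+)\s+(\S+)\s+(.+?)\s+comm=(\S+)\s+(.*)$")

# Generalizations chosen for this example (assumptions; review before use).
# @{PROC}, @{pid}, @{run} and @{sys} are standard AppArmor tunables.
GENERALIZE = [
    (re.compile(r"^/proc/\d+/"), "@{PROC}/@{pid}/"),
    (re.compile(r"^/run/udev/data/c\d+:\d+$"), "@{run}/udev/data/c[0-9]*:[0-9]*"),
    (re.compile(r"^/run/"), "@{run}/"),
    (re.compile(r"^/sys/kernel/debug/kvm/\d+-\d+/"), "@{sys}/kernel/debug/kvm/[0-9]*-[0-9]*/"),
]

def parse(text):
    """Yield (verdict, profile, path, denied_mask) for each recognised line."""
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip anything that is not a log record
        verdict, profile, _op, path, _comm, rest = m.groups()
        fields = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        yield verdict, profile, path, fields.get("denied_mask", "")

def generalize(path):
    """Replace PIDs and device numbers with globs; other paths pass through."""
    for pattern, repl in GENERALIZE:
        path = pattern.sub(repl, path)
    return path

def summarize(text):
    """Count records per (verdict, profile, generalized path, mask)."""
    return Counter((v, prof, generalize(p), mask) for v, prof, p, mask in parse(text))

def candidate_rules(text, profile):
    """Deduplicated file-rule lines for one profile, for human review."""
    return sorted({f"{p} {mask}," for _v, prof, p, mask in summarize(text) if prof == profile})

if __name__ == "__main__":
    print("\n".join(candidate_rules(SAMPLE, "libvirtd")))
```

A candidate such as `/home/ r,` is a policy decision rather than a mechanical fix, so each line still needs a reviewer's judgment before it goes into a profile.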