On 1/18/23 10:43, Andrea Bolognani wrote: > Commit 379c0ce4bfed introduced a call to umount(/dev) performed > inside the namespace that we run QEMU in. > > As a result of this, on machines using AppArmor, VM startup now > fails with > > internal error: Process exited prior to exec: libvirt: > QEMU Driver error: failed to umount devfs on /dev: Permission denied > > The corresponding denial is > > AVC apparmor="DENIED" operation="umount" profile="libvirtd" > name="/dev/" pid=70036 comm="rpc-libvirtd" > > Extend the AppArmor configuration for virtqemud and libvirtd so > that this operation is allowed. > > Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx> > --- > src/security/apparmor/usr.sbin.libvirtd.in | 1 + > src/security/apparmor/usr.sbin.virtqemud.in | 1 + > 2 files changed, 2 insertions(+) Reviewed-by: Michal Privoznik <mprivozn@xxxxxxxxxx> For more background on why umount is needed see my reply to Jim's question from earlier: https://listman.redhat.com/archives/libvir-list/2023-January/237149.html Michal
