Bugzilla – Bug 911001
dnsmasq apparmor profile prevents libvirt default network to start
Last modified: 2020-06-05 02:52:53 UTC
This commit in libvirt forces dnsmasq to actually use the leaseshelper program: http://libvirt.org/git/?p=libvirt.git;a=commit;h=421406808abaf7eb66abd27d71c21ae5b783a380 The problem is that the dnsmasq apparmor profile prevents the libvirt default network to start due to: * Not allowing /bin/bash to be run * Not allowing leaseshealper contained in /usr/lib64 folder to be run. Note that this bug may hit 13.2 if an updated libvirt is shipped there.
Already got a patch for it
This is an autogenerated message for OBS integration: This bug (911001) was mentioned in https://build.opensuse.org/request/show/266151 Factory / apparmor
This is an autogenerated message for OBS integration: This bug (911001) was mentioned in https://build.opensuse.org/request/show/281956 13.2 / apparmor
Will this also be released as an update to 13.1?
(In reply to Jon Nelson from comment #4) > Will this also be released as an update to 13.1? @cboltz: did you have any plan to backport it to 13.1 too?
(In reply to Cedric Bosdonnat from comment #5) > (In reply to Jon Nelson from comment #4) > > Will this also be released as an update to 13.1? > > @cboltz: did you have any plan to backport it to 13.1 too? Not really ;-) - but the more interesting question is if it is needed for 13.1. Will 13.1 get updated libvirt packages that need the updated profile? - If yes, then I'll happiliy submit an update. - If not, I tend to say "wontfix for 13.1". Anyway, a SR to security:apparmor/apparmor_2_8 (that's my base for 12.3 updates) is always welcome ;-) and makes sure that it will be included in a future update.
(In reply to Christian Boltz from comment #6) > (In reply to Cedric Bosdonnat from comment #5) > > (In reply to Jon Nelson from comment #4) > > > Will this also be released as an update to 13.1? > > > > @cboltz: did you have any plan to backport it to 13.1 too? > > Not really ;-) - but the more interesting question is if it is needed for > 13.1. > > Will 13.1 get updated libvirt packages that need the updated profile? > - If yes, then I'll happiliy submit an update. > - If not, I tend to say "wontfix for 13.1". 13.1 won't change libvirt version later on, and doesn't have that problem since it doesn't start dnsmasq in the same way. So better say won't fix for 13.1
An update for 13.2 is on its way :-) https://build.opensuse.org/project/show/openSUSE:Maintenance:3469 As discussed before, wontfix for 13.1, but I'll accept patches to security:apparmor/apparmor_2_8
openSUSE-RU-2015:0216-1: An update that has 6 recommended fixes can now be installed. Category: recommended (moderate) Bug References: 904620,905368,906858,907870,908856,911001 CVE References: Sources used: openSUSE 13.2 (src): apparmor-2.9.1-4.1
This is an autogenerated message for OBS integration: This bug (911001) was mentioned in https://build.opensuse.org/request/show/303872 Factory / apparmor
This is an autogenerated message for OBS integration: This bug (911001) was mentioned in https://build.opensuse.org/request/show/331402 Leap:42.1 / apparmor
This is an autogenerated message for OBS integration: This bug (911001) was mentioned in https://build.opensuse.org/request/show/390301 13.2 / apparmor
openSUSE-RU-2016:1063-1: An update that has 18 recommended fixes can now be installed. Category: recommended (moderate) Bug References: 853019,906858,911001,917577,918787,921098,923201,931792,939568,940749,945592,948584,948753,954104,954958,954959,964971,971790 CVE References: Sources used: openSUSE 13.2 (src): apparmor-2.9.3-7.1