Bug 1072402

Summary: virt-sandbox gets unmount denials
Product: [openSUSE] openSUSE Tumbleweed Reporter: Cédric Bosdonnat <cbosdonnat>
Component: Virtualization:ToolsAssignee: Cédric Bosdonnat <cbosdonnat>
Status: RESOLVED FIXED QA Contact: E-mail List <qa-bugs>
Severity: Normal    
Priority: P3 - Medium    
Version: Current   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---

Description Cédric Bosdonnat 2017-12-12 14:31:29 UTC
Steps to reproduce:
  * Make sure libvirtd is apparmor confined
  * Run virt-sandbox -p /bin/sh
  * Look for DENIED messages in /var/log/audit/audit.log

Actual:
  * When quitting the container, audit.log is filled with errors like this one:

    type=AVC msg=audit(1513071922.675:347): apparmor="DENIED" operation="umount"
    profile="libvirt-9fac700d-b492-40fb-bc49-dde8ea581cb4" name="/" pid=2805 comm="ld.so"

  * The error output is also filled with messages like this one:

    cannot unmount /tmp: Permission denied

Expected:
  * No complain!
Comment 1 Cédric Bosdonnat 2017-12-21 09:10:24 UTC
patch in factory and submitted upstream