FYI - bug for better local overrides which would allow e.g. more
granular workarounds is bug 1745114
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1739674
Title:
virsh Fails at Hot Plugging Network
I discussed with a few more people, to get this resolved is a major dev
effort on the dynamic apparmor for libvirt/qemu - and we only have
unproven ideas how to do it for now.
I made this "a sibling" of bug 1677398 which I tracked for just this
already.
Sorry I can't help immediately, but
Note: checked against latest libvirt plus all my incoming libvirt
improvements on security domain callbacks - still affected.
The generated profile on the replace triggers:
operation="profile_replace" info="same as current profile, skipping"
Note: workaround for now if you are affected
Add
The add should be done by "get_files" which is called on create and
reload mode.
A call in such a case is like:
-p 0 -r -u libvirt-ebd1d390-05b4-4078-b7a3-a6322142b516 -F /dev/net/tun
If using user net I see the net-dev appearing in the XML eventually, but
on this call to virt-aa-helper it seems
Note: I now checked the stack based on newer libvirt, this is occurring
up to the latest version (what we have in Artful libvirt=3.6).
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1739674
Title:
Hi Launchy Man,
and thanks for your report.
So to clarify you get an error like:
apparmor="DENIED" operation="file_receive" profile="libvirt-..."
name="/dev/vhost-net" comm="qemu-system-x86" requested_mask="rw"
denied_mask="rw"
The fix for this actually made it upstream in [1].
Since then
