Hi, On 30.07.2016 14:06, intrigeri wrote: > So I don't see how we can make virsh attach-disk work under AppArmor > without either rebooting the guest to take into account the updated > profile, or extending the profile in advance (so that it allows access > to all disks that one may want to attach later to a domain).
AppArmor profile updates are supposed to be applied to running processes. According to upstream there is/was a bug in the kernel and the userspace tools. Debian unstable (Linux 4.6.4-1, apparmor 2.10.95-4) is affected by this bug. I haven't investigated further though. Felix
