Christian, I was able to test your PPA build on Zesty. FYI, I test with
a guest having the 3 storage devices:
<disk type='file' device='disk'>
<driver name='qemu' type='raw' cache='none'/>
<source file='/dev/nvme0n1p6'/>
<target dev='vda' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03'
function='0x0'/>
</disk>
<disk type='file' device='disk'>
<driver name='qemu' type='raw' cache='none'/>
<source file='/dev/zvol/internal/apt'/>
<target dev='vdb' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02'
function='0x0'/>
</disk>
<disk type='file' device='disk'>
<driver name='qemu' type='raw' cache='none'/>
<source file='/dev/drbd/by-disk/nvme0n1p6'/>
<target dev='vdc' bus='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04'
function='0x0'/>
</disk>
The only Apparmor denial I got was the read access on /dev/drbd0 which was
caused by the symlink /dev/drbd/by-disk/nvme0n1p6 pointing there:
# readlink -e /dev/drbd/by-disk/nvme0n1p6
/dev/drbd0
So once you add the "/dev/drbd[0-9]* r," rule, this bug should be fully
addressed. FYI, I added the drbd rule locally and it tested fine. Thanks
again for all your help.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1641618
Title:
Apparmor denials caused by virt-aa-helper trying to read zvol devices
(/dev/zdX) should be silenced
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1641618/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
