Christian, I was able to test your PPA build on Zesty. FYI, I test with a guest having the 3 storage devices:
  <disk type='file' device='disk'>
    <driver name='qemu' type='raw' cache='none'/>
    <source file='/dev/nvme0n1p6'/>
    <target dev='vda' bus='virtio'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
  </disk>
  <disk type='file' device='disk'>
    <driver name='qemu' type='raw' cache='none'/>
    <source file='/dev/zvol/internal/apt'/>
    <target dev='vdb' bus='virtio'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
  </disk>
  <disk type='file' device='disk'>
    <driver name='qemu' type='raw' cache='none'/>
    <source file='/dev/drbd/by-disk/nvme0n1p6'/>
    <target dev='vdc' bus='virtio'/>
    <address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0'/>
  </disk>

The only Apparmor denial I got was the read access on /dev/drbd0 which was caused by the symlink /dev/drbd/by-disk/nvme0n1p6 pointing there:

  # readlink -e /dev/drbd/by-disk/nvme0n1p6
  /dev/drbd0

So once you add the "/dev/drbd[0-9]* r," rule, this bug should be fully addressed. FYI, I added the drbd rule locally and it tested fine.

Thanks again for all your help.

-- 
https://bugs.launchpad.net/bugs/1641618

Title:
  Apparmor denials caused by virt-aa-helper trying to read zvol devices (/dev/zdX) should be silenced
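
Added example, not part of the original message and not libvirt or virt-aa-helper code: a Python check that takes the disk sources from a domain definition, resolves each one the way readlink -e does, and lists the resolved targets that no read rule covers. The glob translation handles only a subset of AppArmor path syntax; the function names, the sample rule list and the /dev/zd0 target are assumptions made for the illustration.

```python
import os
import re
import xml.etree.ElementTree as ET

# AppArmor-style wildcards: "*" and "?" stop at "/", "**" may cross it.
WILDCARDS = {"**": ".*", "*": "[^/]*", "?": "[^/]"}

def aa_glob_to_regex(glob):
    """Translate a subset of AppArmor path globs (*, **, ?, [...]) to a regex."""
    parts = []
    for tok in re.findall(r"\*\*|\*|\?|\[[^\]]+\]|.", glob):
        if tok in WILDCARDS:
            parts.append(WILDCARDS[tok])
        elif len(tok) > 1:          # a [...] character class, copied through
            parts.append(tok)
        else:
            parts.append(re.escape(tok))
    return re.compile("".join(parts) + r"\Z")

def readable(path, rules):
    """True if any rule of the form '<glob> <perms>,' grants read on path."""
    for rule in rules:
        glob, perms = rule.strip().rstrip(",").rsplit(None, 1)
        if "r" in perms and aa_glob_to_regex(glob).match(path):
            return True
    return False

def uncovered_disks(domain_xml, rules, resolve=os.path.realpath):
    """Return (source, resolved) pairs whose resolved target no rule lets be read."""
    missing = []
    for src in ET.fromstring(domain_xml).iter("source"):
        path = src.get("file") or src.get("dev")
        if path and not readable(resolve(path), rules):
            missing.append((path, resolve(path)))
    return missing

# Constructed sample: the three disk sources from the message, wrapped in one root.
SAMPLE_XML = """<devices>
  <disk><source file='/dev/nvme0n1p6'/></disk>
  <disk><source file='/dev/zvol/internal/apt'/></disk>
  <disk><source file='/dev/drbd/by-disk/nvme0n1p6'/></disk>
</devices>"""
# /dev/drbd0 is the readlink output in the message; /dev/zd0 is an assumed target.
SAMPLE_LINKS = {"/dev/drbd/by-disk/nvme0n1p6": "/dev/drbd0", "/dev/zvol/internal/apt": "/dev/zd0"}
SAMPLE_RULES = ["/dev/nvme* r,", "/dev/zd[0-9]* r,"]   # constructed, not the shipped profile

def sample_resolve(path):
    return SAMPLE_LINKS.get(path, path)

print(uncovered_disks(SAMPLE_XML, SAMPLE_RULES, sample_resolve))
```

On a real host, leave resolve at its default (os.path.realpath) so the symlinks are followed on disk rather than through the sample map.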