This is a very old Delta we are still carrying. Compared to a lot of the delta which just has no trace where it came from this one had at least a bug link - yeah - thanks Jamie!
So for documentation purpose I'm updating here as I'm about to remove the related Delta on the next merge as it is safe to be removed. Case dependent tests: - We have an allow and a deny, who wins anyway? Discussed - denies are evaluated separate and win - so the rule was effective. - Test: 1. make a setup with disks owned by root and non-root (mixed) 2. run default - ok DROP the setpcap deny 3. run again - ok 4. disable apparmor security via seclabel none 5. run again - ok 6. repeat 1-5 with user/group set to root in /etc/libvirt/qemu.conf - all ok So it works fine in all cases related to the initial issue. Note: It will grab ownership for the time of the execution, example: -rw-r--r-- 1 root root 196616 Dec 14 15:46 test.qcow2 when run as extra user changes to: -rw-r--r-- 1 libvirt-qemu kvm 196616 Dec 14 15:46 test.qcow2 So we are good to drop that old change -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/522845 Title: compiling with libcap-ng disallows qemu/kvm access to files not owned by root when not using AppArmor To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/522845/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs