Thanks Jamie for providing an approach that is a compromise between
upstream's needs and Ubuntu as a downstream - as well as at the same time
being a tradeoff between comfort and security.

I'll implement this as a downstream change in 19.10:
- add the comment to the config (thanks for writing it up)
- change the code to allow it in any case

But for older releases I'd decide that we don't want to change this through an
SRU.
There the solution for users who depend on it is to add
  /dev/vhost-net rw,
to, if existing (>= 18.10),
  /etc/apparmor.d/local/abstractions/libvirt-qemu
or otherwise to
  /etc/apparmor.d/abstractions/libvirt-qemu

** Also affects: libvirt (Ubuntu Disco)
   Importance: Undecided
       Status: In Progress

** Also affects: libvirt (Ubuntu Ee-series)
   Importance: Undecided
       Status: New

** Changed in: libvirt (Ubuntu Ee-series)
       Status: New => Triaged

** Changed in: libvirt (Ubuntu Disco)
       Status: In Progress => Won't Fix

** Changed in: libvirt (Ubuntu Cosmic)
       Status: Triaged => Won't Fix

** Changed in: libvirt (Ubuntu Bionic)
       Status: Triaged => Won't Fix

** Tags added: libvirt-19.10

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1815910

Title:
  Apparmor blocks access to /dev/vhost-net
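
The manual workaround described in the comment above for older releases, as an added example (not part of the original comment or of the libvirt packaging): a POSIX shell helper that picks the file the comment names and appends the rule only once. The function names and the optional root-prefix argument are assumptions for illustration, so the logic can be tried on a scratch tree first.

```shell
#!/bin/sh
# Added example, not from the bug report. The rule text and both paths are
# taken from the comment; everything else is hypothetical.
RULE='/dev/vhost-net rw,'

# Pick the target file: the local override if it exists (>= 18.10),
# otherwise the shipped abstraction. $1 is an optional root prefix.
vhost_target() {
    root="${1:-}"
    if [ -f "$root/etc/apparmor.d/local/abstractions/libvirt-qemu" ]; then
        printf '%s\n' "$root/etc/apparmor.d/local/abstractions/libvirt-qemu"
    else
        printf '%s\n' "$root/etc/apparmor.d/abstractions/libvirt-qemu"
    fi
}

# Append the rule once. Returns 0 if the rule was added or already present,
# 1 if neither file exists (nothing is created in that case).
add_vhost_rule() {
    target="$(vhost_target "${1:-}")"
    if [ ! -f "$target" ]; then
        echo "missing: $target" >&2
        return 1
    fi
    # Match an active rule line only; commented-out copies do not count.
    if grep -Eq '^[[:space:]]*/dev/vhost-net[[:space:]]+rw,[[:space:]]*$' "$target"; then
        echo "already present in $target"
        return 0
    fi
    # Make sure the rule starts on its own line if the file lacks a final newline.
    if [ -n "$(tail -c1 "$target")" ]; then
        printf '\n' >> "$target"
    fi
    printf '  %s\n' "$RULE" >> "$target"
    echo "added to $target"
}
```

Call `add_vhost_rule` as root with no argument to act on the real `/etc`, or pass a directory to rehearse on a copy. The rule lands in the shared abstraction, so it applies to every guest that uses it, which is the comfort versus security tradeoff the comment mentions.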
