On init, among other things, libpmem will do:

/*
 * os_auto_flush -- check if platform supports auto flush for all regions
 *
 * Traverse "/sys/bus/nd/devices" path to find all the nvdimm regions,
 * then for each region checks if "persistence_domain" file exists and
 * contains "cpu_cache" string.
 * If for any region "persistence_domain" entry does not exists, or its
 * context is not as expected, assume eADR is not available on this platform.
 */

That will open "." and PWD for a libvirt executed qemu will be nothing => "/"
Followed by "/sys/bus/nd/devices"

But from the code I see that it expects there to be symlinks.
We will need the patterns those will follow to add rules for those as well.

TODO:
1. silence access to "/"
2. allow enumeration (read only) of 
  /sys/bus/nd/devices r,
  /sys/bus/nd/devices/* r,
3. find where the symlinks usually point to and add these

Can we find a way to only add these when pmem is actually used?
In that case we want to silence #2 as well, but allow it if used

https://bugs.launchpad.net/bugs/1871354

Title:
  apparmor denies related to nvdimms/nfit
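
The following is an added example (not from the bug comment, libvirt or libpmem) for TODO item 3: it resolves where each region entry under /sys/bus/nd/devices points and prints read-only rule lines for the resolved persistence_domain files so they can be reviewed before going into a profile. The function names, the ND_DEVICES variable and the region* name filter are assumptions of this example.

```shell
#!/bin/sh
# Added example: show where the nvdimm region entries really point.
# ND_DEVICES is this example's own variable; override it to scan a test tree.
ND_DEVICES="${ND_DEVICES:-/sys/bus/nd/devices}"

# Print "<name> <resolved path> <persistence_domain or ->" per region entry.
# Assumption of this example: region entries are named region*.
nd_region_targets() {
    dir="$1"
    [ -d "$dir" ] || return 1
    for entry in "$dir"/region*; do
        [ -e "$entry" ] || continue   # unmatched glob or dangling symlink
        target=$(readlink -f "$entry")
        pd="-"
        if [ -r "$target/persistence_domain" ]; then
            pd=$(cat "$target/persistence_domain")
        fi
        printf '%s %s %s\n' "$(basename "$entry")" "$target" "$pd"
    done
}

# Print candidate read-only AppArmor rule lines for the resolved paths.
nd_candidate_rules() {
    nd_region_targets "$1" | while read -r _name target _pd; do
        printf '  %s/persistence_domain r,\n' "$target"
    done | sort -u
}

# Succeed only if at least one region exists and every region reports
# "cpu_cache", the condition described in the os_auto_flush comment.
nd_all_cpu_cache() {
    out=$(nd_region_targets "$1") || return 1
    [ -n "$out" ] || return 1
    printf '%s\n' "$out" |
        awk 'BEGIN { bad = 0 } $3 != "cpu_cache" { bad = 1 } END { exit bad }'
}

# On a host with nvdimm regions this lists the targets, then the rule lines.
if [ -d "$ND_DEVICES" ]; then
    nd_region_targets "$ND_DEVICES"
    nd_candidate_rules "$ND_DEVICES"
fi
```

Running it on several hosts that have pmem configured shows which path patterns the symlink targets share.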