Interestingly, or perhaps not, merely running /etc/init.d/apparmor stop isn't enough. I stop AppArmor, restart Libvirt and then start my VMs. However upon starting a VM an AppArmor profile still gets loaded and thus AppArmor denies access to the USB device I want to pass through. I have to run /etc/init.d/apparmor stop again after the VM has been started. Then access to the USB device is allowed.
Looks weird to me but I haven't yet fully understood how and when AppArmor profiles are loaded. But I don't understand why it would deny access to a directory structure that is explicitly permitted in the profile: May 4 15:56:27 TESTHOST kernel: [75138.174346] type=1503 audit(1272981387.661:879): operation="open" pid=8053 parent=1 profile ="libvirt-959806d1-327a-cd14-6b3f-ddeee8a19d0e" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/sys/devices/pci0000:00/0000:00:1e.0/0000:01:04.4/usb6/devnum" Unfortunately this is quite the blocker for me. -- apparmor driver blocks access to hostdev and pcidev devices https://bugs.launchpad.net/bugs/545795 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs