[Bug 1815910] [NEW] Apparmor blocks access to /dev/vhost-net

Public bug reported: During attach new interface to the instance, I have an error (from dmesg): [1387677.245725] audit: type=1400 audit(1550147444.575:10991): apparmor="DENIED" operation="file_receive" profile="libvirt-fc5b1ccd- 6d5c-459e-8d6b-b98c26df504e" name="/dev/vhost-net" pid=36309 com

[Bug 1815910] Re: Apparmor blocks access to /dev/vhost-net

Thanks Christian for replying. Yes, I spawn instance without network interface and after a while I would like to add it to the VM so it raises me an error. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bug

[Bug 1815910] Re: Apparmor blocks access to /dev/vhost-net

Thanks Christian. So I will wait for merge your patch. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1815910 Title: Apparmor blocks access to /dev/vhost-net To manage notifications about this bug g

[Bug 1815910] Re: Apparmor blocks access to /dev/vhost-net

Thanks @Christian for continuing the discussion. @James Page, I also use neutron ml2 ovs driver. I understand that in default nova policy, only administrator can spawn instance without any interface, but if someone else can "tune" the policy, he/she will have a problem. -- You received this bug