Thanks for reporting this bug.
Can you show the xml for the libvirt managed nfs storage and for the VM?
The virt-aa-helper policy has
# needed for when disk is on a network filesystem
network inet,
Which I suspect should prevent this from happening, so I will target
this at apparmor.
** Also affects: apparmor (Ubuntu)
Importance: Undecided
Status: New
--
You received this bug notification because you are a member of Ubuntu
Touch seeded packages, which is subscribed to apparmor in Ubuntu.
https://bugs.launchpad.net/bugs/1511830
Title:
apparmor denies VM startup when image is network mounted
Status in apparmor package in Ubuntu:
New
Status in libvirt package in Ubuntu:
New
Bug description:
If I attempt to start a VM with one of its disk images on a libvirt
managed NFS mount, it fails:
Oct 30 15:30:56 athens kernel: [545232.917662] audit: type=1400
audit(1446233456.718:81): apparmor="DENIED" operation="sendmsg"
profile="/usr/lib/libvirt/virt-aa-helper" pid=13760 comm="virt-aa-
helper" laddr=fd60:e0:a0f4:121::8 lport=757 faddr=fd60:e0:a0f4:121::4
fport=2049 family="inet6" sock_type="stream" protocol=6
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1511830/+subscriptions
--
Mailing list: https://launchpad.net/~touch-packages
Post to : touch-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~touch-packages
More help : https://help.launchpad.net/ListHelp
