Is it possible to apply this patch to libvirt-bin package and allow to write to /var/lib/libvirt/qemu/ ?
For me it makes sense because disabling AppArmor for OpenStack is not a good idea so you will be exposed to security issues like Venom https://wiki.ubuntu.com/SecurityTeam/KnowledgeBase/VENOM << Additionally, the QEMU process is confined by an AppArmor profile that significantly lessens the impact of a vulnerability such as VENOM by reducing the host environment's attack surface >> $ dpkg -S /etc/apparmor.d/abstractions/libvirt-qemu libvirt-bin: /etc/apparmor.d/abstractions/libvirt-qemu ** Patch added: "Fix for" https://bugs.launchpad.net/nova/+bug/1227912/+attachment/4404897/+files/apparmor_libvirt-qemu.patch -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1227912 Title: instance fails to boot with qemu guest agent set in image metadata To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1227912/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
