Quoting James Page (james.p...@ubuntu.com): > 2) vhost-user device access > > The configuration for the vhost-user device created in OVS will also be > blocked by apparmor: > > -chardev socket,id=charnet0,path=/var/run/openvswitch/vhu5392206b-dc > -netdev type=vhost-user,id=hostnet0,chardev=charnet0 -device virtio-net- > pci,netdev=hostnet0,id=net0,mac=fa:16:3e:e5:41:f1,bus=pci.0,addr=0x3 > > I'm assuming these will always be located in /var/run/openvswitch - but > that's probably a little to generic for an apparmor rule - do they > always follow as particular naming convention?
virt-aa-helper should be providing access for this one, not a blanket allow rule. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1513367 Title: qemu-system-x86_64/kvm-spice failed to boot a vm with appmor enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1513367/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
