Setting the per-guest profile to complain is hard if there is no guest profile yet :-/
But still that works:
  sudo aa-complain /etc/apparmor.d/libvirt/libvirt-7e8d7cf7-b06b-47c3-8cf7-197ddd8be8b1

To be able to do so you need to fail-start it once so the files are laid out.
Then set it to complain and you can start the guest.

Now, started in this way, it is adding the section:
  <backingStore type='file' index='1'>
    <format type='qcow2'/>
    <source file='/var/lib/uvtool/libvirt/images/x-uvt-b64-Y29tLnVidW50dS5jbG91ZC5kYWlseTpzZXJ2ZXI6MTcuMTA6cHBjNjRlbCAyMDE3MDcxMw=='/>
    <backingStore/>
  </backingStore>

Just as we need it.
So maybe the timing when this info gets added changed.
And at the point virt-aa-helper calls the iterator it is not yet added and therefore does not get a rule added.
Later on it still seems to be added though, as seen by the example in aa-complain mode.

--
https://bugs.launchpad.net/bugs/1704782

Title:
  qcow base image apparmor rule missing in artful
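
A check for the gap described in this comment, as an added example that is not part of the original bug comment or of libvirt's code: it lists every image file in a domain's backing chain (the XML as shown by virsh dumpxml) and reports those that no read rule in the per-guest profile covers. The sample XML, file names and profile rules are constructed, and the quoted-path rule format is an assumption about how the generated profile is laid out.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample inputs (not taken from the bug report).
DOMAIN_XML = """<domain type='kvm'><devices>
  <disk type='file' device='disk'>
    <source file='/var/lib/uvtool/libvirt/images/guest.qcow'/>
    <backingStore type='file' index='1'>
      <format type='qcow2'/>
      <source file='/var/lib/uvtool/libvirt/images/base.img'/>
      <backingStore/>
    </backingStore>
  </disk>
</devices></domain>"""
PROFILE = '''
  "/var/log/libvirt/**/guest.log" w,
  "/var/lib/uvtool/libvirt/images/guest.qcow" rwk,
'''

def aa_glob_to_regex(glob):
    """Translate the *, ** and ? globs (character classes and {} are not handled)."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*"); i += 2       # ** may cross directory separators
        elif glob[i] == "*":
            out.append("[^/]*"); i += 1    # * stays inside one path component
        elif glob[i] == "?":
            out.append("[^/]"); i += 1
        else:
            out.append(re.escape(glob[i])); i += 1
    return re.compile("".join(out) + r"\Z")

def readable_globs(profile_text):
    """Quoted-path allow rules whose permission string includes 'r' (assumed format)."""
    rules = re.findall(r'^\s*"([^"]+)"\s+([a-zA-Z]+),', profile_text, re.M)
    return [aa_glob_to_regex(path) for path, perms in rules if "r" in perms]

def disk_files(domain_xml):
    """Every <source file=...> under a <disk>, nested <backingStore> included."""
    root = ET.fromstring(domain_xml)
    return [s.get("file") for d in root.iter("disk")
            for s in d.iter("source") if s.get("file")]

def missing_rules(domain_xml, profile_text):
    """Image files in the backing chain that no read rule covers."""
    globs = readable_globs(profile_text)
    return [f for f in disk_files(domain_xml) if not any(g.match(f) for g in globs)]

if __name__ == "__main__":
    print(missing_rules(DOMAIN_XML, PROFILE))
```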