I have the following alternations on the test now: A1) on bare metal hirsute A2) on LXD Hisute (on Focal Host)
B1) attach a single disk B2) attach a disk with backing chain (profile is appended and reload twice) C1) old libvirt code (can only do one disk) C2) new libvirt code (iterates backing chain) D1) do the same actions manually in qemu-monitor+apparmor tools D2) run test through libvirt Only A2+B2+C2+D2 is failing. The rest I could clear by re-setting test environments to be sure old traces/experiments are gone. I'll update the description. P.S. I can stop libvirt with qemu at any point e.g. after adding one or both rules to the guest and before qemu is told to access the files. The profile on disk looks right and AFAICS it is loaded as that - yet the access from qemu is denied then. TL;DR: Still an odd fail, only in container environment and unclear why/what happens. Please guide me what you'd need next to get this any further. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1912214 Title: qemu can't access files that are added as rules on hot-add To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/1912214/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
