On Sun, Jan 02, 2022 at 08:49:05PM -0800, John Johansen wrote:
> On 12/28/21 2:00 AM, Sina Kashipazha wrote:
> > Hey there,
> > 
> > I have two hosts in my setup, one of them uses AppArmor (h1), and
> > another one doesn't have it (h2). I want to use virsh to live migrate
> > my VMs from h1 to h2, but I'm not able to do that because the h2 host
> > doesn't have the AppArmor policy.
> > 
> > I was wondering, is it possible to edit the XML configuration file of
> > the VM and disable AppArmor without restarting the VMs?
> > 
> 
> AFAIK no, but you can manually remove the apparmor protection on the VM
> by unloading the profiles.
> 
> sudo aa-teardown
> 
> will remove apparmor protections from the whole system.
> 
> if you want to be more selective you can just unload the VM's
> profiles, using apparmor_parser -R

My guess is that you're probably getting stuck on a *libvirt* check
to make sure that source and destination systems are 'identical', and
actually tearing down the apparmor profiles in place at runtime behind
the back of libvirt will just lead to a very confused libvirt environment.

It's my theory that trying to disable AppArmor itself on the sending
machine isn't going to get you to where you want to go.

I don't have an environment available for testing, but my guess is the
virsh dumpxml --migratable may be able to emit XML that omits the security
information.

I hope this helps.

Thanks


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com