For the record I've reproduced this.
Interestingly, /dev/dm-2 *is* in the allowed list. Following is the
syslog entry:
Jan 5 10:07:11 sergelap kernel: [ 5768.408495] type=1400 audit(1325779631.010:95): apparmor="DENIED" operation="open" parent=1606 profile="/usr/lib/libvirt/virt-aa-helper" name="/dev/dm-2" pid=13978 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Jan 5 10:07:11 sergelap kernel: [ 5768.682389] type=1400 audit(1325779631.286:96): apparmor="STATUS" operation="profile_load" name="libvirt-defba839-e7fc-1290-17b4-d0e8c1e68296" pid=13985 comm="apparmor_parser"
So it is virt-aa-helper's profile which needs to be updated, not that of
the VMs. In particular:
/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper
** Changed in: libvirt (Ubuntu)
Status: New => Triaged
--
https://bugs.launchpad.net/bugs/912007
Title:
Apparmor profile denies access to /dev/dm-* for guests using LVM
partitions storage
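
Added example, not part of the original message or of libvirt/AppArmor: a small Python triage helper that reads AppArmor audit records like the two quoted above and reports which profile issued each denial, which is how the helper's profile is told apart from the per-guest one. The function names are hypothetical, the sample log is the two records from the message rejoined onto single lines, and the profile-to-file mapping assumes the usual /etc/apparmor.d naming convention (path with slashes turned into dots).

```python
import re
from collections import defaultdict

# Constructed sample: the two syslog records from the message, one per line.
SAMPLE_LOG = (
    'Jan 5 10:07:11 sergelap kernel: [ 5768.408495] type=1400 '
    'audit(1325779631.010:95): apparmor="DENIED" operation="open" parent=1606 '
    'profile="/usr/lib/libvirt/virt-aa-helper" name="/dev/dm-2" pid=13978 '
    'comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0\n'
    'Jan 5 10:07:11 sergelap kernel: [ 5768.682389] type=1400 '
    'audit(1325779631.286:96): apparmor="STATUS" operation="profile_load" '
    'name="libvirt-defba839-e7fc-1290-17b4-d0e8c1e68296" pid=13985 '
    'comm="apparmor_parser"\n'
)

# key="quoted value" or key=bare_value
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_fields(line):
    """Return the key=value pairs found on one audit line as a dict."""
    return {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}


def profile_file(profile):
    """Map a path-named profile to its conventional file in /etc/apparmor.d.

    Assumption: the file follows the common naming convention. Profiles that
    are not named after a path (e.g. libvirt-<uuid>) return None.
    """
    if not profile.startswith("/"):
        return None
    return "/etc/apparmor.d/" + profile.lstrip("/").replace("/", ".")


def denials_by_profile(log_text):
    """Group DENIED records as {confining profile: {(path, denied_mask), ...}}."""
    grouped = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_fields(line)
        if fields.get("apparmor") == "DENIED":
            key = fields.get("profile", "?")
            grouped[key].add((fields.get("name"), fields.get("denied_mask")))
    return dict(grouped)


if __name__ == "__main__":
    for profile, hits in denials_by_profile(SAMPLE_LOG).items():
        print(profile, "->", profile_file(profile))
        for path, mask in sorted(hits):
            print("   denied", mask, "on", path)
```
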