Hi Serge,

Thanks for your quick response. I created a debdiff and I built a new package to test it. Indeed, now the apparmor profile shows this:

  "/home/user/share/**" rwkl,
  "/home/user/share/" r,

Unfortunately, this doesn't fully solve my problem but it actually does change the functionality a little. Now the weird thing is that from within the guest, I cannot create files/directories as the user who owns the share (the uid of guest and host are the same). However, from within the guest, if I use the root user, I'm able to create the directory, even though the user should have rw access to the share that he owns.

When I look at apparmor logs from /var/log/syslog, I see:

  Jun 7 10:49:05 sleungmini kernel: [409615.287515] type=1400 audit(1402163345.710:245): apparmor="DENIED" operation="capable" profile ="libvirt-865a1f4b-f7ab-428f-aa56-f30631565191" pid=31855 comm="pool" capability=3 capname="fowner"

This now comes back to my original patch in this bug. Do you think perhaps these capabilities should be added by virt-aa-helper to the profile rather than the libvirt-qemu abstraction profile that is shared among all VMs? If so, where in the code is that handled?

Thanks again for your help and quick replies to all this!

--
https://bugs.launchpad.net/bugs/1324251
Title: AppArmor denies guest from create/modify 9pfs files
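An added example, not part of the original message and not libvirt or virt-aa-helper code: a small triage script that groups denied capabilities from AppArmor audit lines by profile and prints the matching `capability` rule as a candidate for review. The function names are hypothetical, the second and third sample lines are constructed, and the per-VM name pattern is inferred from the profile name in the log above.

```python
import re
from collections import Counter, defaultdict

# Constructed sample input. Line 1 is the denial quoted in the message above
# (stray space in 'profile =' kept); lines 2-3 are constructed for contrast.
SAMPLE_LOG = """\
Jun 7 10:49:05 sleungmini kernel: [409615.287515] type=1400 audit(1402163345.710:245): apparmor="DENIED" operation="capable" profile ="libvirt-865a1f4b-f7ab-428f-aa56-f30631565191" pid=31855 comm="pool" capability=3 capname="fowner"
Jun 7 10:49:09 sleungmini kernel: [409619.100000] type=1400 audit(1402163349.100:246): apparmor="DENIED" operation="capable" profile="libvirt-865a1f4b-f7ab-428f-aa56-f30631565191" pid=31855 comm="pool" capability=3 capname="fowner"
Jun 7 10:50:00 sleungmini kernel: [409670.000000] type=1400 audit(1402163400.000:247): apparmor="STATUS" operation="profile_replace" name="libvirt-865a1f4b-f7ab-428f-aa56-f30631565191" pid=31900 comm="apparmor_parser"
"""

# key=value or key="value", tolerating whitespace around '='.
FIELD = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|(\S+))')
# Assumption: per-guest profiles are named libvirt-<domain UUID>, as in the log.
PER_VM = re.compile(r'^libvirt-[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$')


def parse_fields(line):
    """Return the key/value fields of one audit line as a dict."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def capability_denials(log_text):
    """Count denied capabilities per AppArmor profile."""
    denied = defaultdict(Counter)
    for line in log_text.splitlines():
        f = parse_fields(line)
        if f.get("apparmor") == "DENIED" and f.get("operation") == "capable":
            denied[f.get("profile", "?")][f.get("capname", "?")] += 1
    return denied


def candidate_rules(log_text):
    """Return (profile, is_per_vm, rule, hits) tuples for human review."""
    out = []
    for profile, caps in sorted(capability_denials(log_text).items()):
        for cap, hits in sorted(caps.items()):
            out.append((profile, bool(PER_VM.match(profile)),
                        f"capability {cap},", hits))
    return out


if __name__ == "__main__":
    for profile, per_vm, rule, hits in candidate_rules(SAMPLE_LOG):
        scope = "per-VM profile" if per_vm else "shared/other profile"
        print(f"{profile} ({scope}): {rule}  # denied {hits}x, review first")
```

The output is a list of candidates only: each capability widens what the confined QEMU process may do, so a rule should be scoped to the one guest that needs it rather than added to a profile shared by all VMs.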
