There does seem to be a bug in there. Couple of points:

1. we do want to enforce that the media is readonly if libvirt says it is (hence the explicit deny)
2. we don't want to grant 'w' access in one line, only to take it away in an explicit deny
3. I don't know what 'relabel' is supposed to mean in the context of apparmor

So virt-aa-helper needs to refine its logic. The referenced commit isn't the actual problem though-- that bug was about when <readonly/> was present, qemu would try to open rw but apparmor would log the harmless denial. The commit simply silenced logging for a denial that was happening anyway. This bug is about applying that deny rule at the wrong time.

-- 
https://bugs.launchpad.net/bugs/1004606

Title:
  virsh create-snapshot fails to create external snapshot (blockdev-snapshot-sync fails in json monitor)
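Added example, not part of the original comment and not libvirt's code: a check for the conflict described in point 2, where a path is granted 'w' on one line and then has 'w' removed by an explicit deny (deny rules take precedence in AppArmor). The rule fragment and its paths are constructed, and the parser assumes exact quoted paths with no globs.

```python
import re
from collections import defaultdict

# Constructed sample of a per-guest AppArmor rule fragment (paths are made up).
SAMPLE = '''\
  "/var/lib/libvirt/images/guest.img" rw,
  "/var/lib/libvirt/images/guest.snap1" rw,
  "/var/lib/libvirt/images/install.iso" r,
  # don't audit writes to readonly files
  deny "/var/lib/libvirt/images/install.iso" w,
  deny "/var/lib/libvirt/images/guest.img" w,
'''

# Matches lines of the form:  [deny] "<path>" <perms>,
RULE = re.compile(
    r'^\s*(?P<deny>deny\s+)?"(?P<path>[^"]+)"\s+(?P<perms>[a-zA-Z]+),\s*$')


def parse_rules(text):
    """Return {path: {"allow": set, "deny": set}} for quoted file rules."""
    rules = defaultdict(lambda: {"allow": set(), "deny": set()})
    for line in text.splitlines():
        m = RULE.match(line)
        if m:  # comments and anything that is not a quoted file rule are skipped
            kind = "deny" if m.group("deny") else "allow"
            rules[m.group("path")][kind] |= set(m.group("perms"))
    return dict(rules)


def effective_perms(text):
    """Permissions left per path once explicit denies are subtracted."""
    return {p: r["allow"] - r["deny"] for p, r in parse_rules(text).items()}


def write_conflicts(text):
    """Paths that are granted 'w' and also explicitly denied 'w'."""
    return sorted(p for p, r in parse_rules(text).items()
                  if "w" in r["allow"] and "w" in r["deny"])


if __name__ == "__main__":
    for path in write_conflicts(SAMPLE):
        left = "".join(sorted(effective_perms(SAMPLE)[path]))
        print(f"conflict: {path} granted 'w' but denied; effective: {left}")
```

A path reported here is one the guest cannot write despite its rw line, which is the condition an external snapshot's backing file must not end up in.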
