The contents of
/etc/apparmor.d/libvirt/libvirt-99917005-9251-4ea3-9e72-946b42061df1:
=======================================================================
#
# This profile is for the domain whose UUID matches this file.
#
#include <tunables/global>
profile libvirt-99917005-9251-4ea3-9e72-946b42061df1 {
#include <abstractions/libvirt-qemu>
#include <libvirt/libvirt-99917005-9251-4ea3-9e72-946b42061df1.files>
}
=======================================================================
The contents of
/etc/apparmor.d/libvirt/libvirt-99917005-9251-4ea3-9e72-946b42061df1.files:
# DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
"/var/log/libvirt/**/fedora20.log" w,
"/var/lib/libvirt/**/fedora20.monitor" rw,
"/var/run/libvirt/**/fedora20.pid" rwk,
"/run/libvirt/**/fedora20.pid" rwk,
"/var/run/libvirt/**/*.tunnelmigrate.dest.fedora20" rw,
"/run/libvirt/**/*.tunnelmigrate.dest.fedora20" rw,
"/vm/fedora/fed.qcow2" rw,
"/var/lib/libvirt/qemu/channel/target/fedora20.org.qemu.guest_agent.0" rw,
"/dev/bus/usb/004/003" rw,
/dev/vhost-net rw,
"/dev/net/tun" rw,
=======================================================================
Only a line for /dev/bus/usb/..., but no line for /run/udev/data/...
By the way; the line "/dev/bus/usb/*/[0-9]* rw," has always been in
"/etc/apparmor.d/abstractions/libvirt-qemu" but for some reason removed
from Wily Werewolf and in the line "/dev/bus/usb/ rw,", the mentioned
"rw" is not required "r" is enough as per default. So only something for
/run/udev/data/... is needed.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1515791
Title:
apparmor for qemu is too restrictive for USB passthrough
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1515791/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
