FWIW I'm testing on Xenial with the latest libvirt packages for Ubuntu; the generated apparmor profile .files file for my instances correctly grants access to /var/run/openvswitch/<vhostusersocket>:
"/run/openvswitch/vhu8b11d723-35" rw, /dev/vhost-net rw, Remaining problem is that with the default libvirt user/group for qemu processes, the qemu instance can't actually read/write the vhostuser socket - switching to root/root fixes this problem but does result in all qemu processes running as the root user which is less than ideal. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1513367 Title: qemu-system-x86_64/kvm-spice failed to boot a vm with appmor enabled To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1513367/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
