To really be worth the "confirmed" I also checked the zfs case.
# create most basic zfs on the LV (because it had free space)
sudo zpool create -f zfsp1 /dev/mapper/testvg-testlv--forzfs
sudo zfs create -ps -V 10G zfsp1/zfsvol1
# which gives me
/dev/zvol/zfsp1/zfsvol1 -> /dev/zd0
Added the matching XML
<disk type='file' device='disk'>
  <driver name='qemu' type='raw' cache='none'/>
  <source file='/dev/zvol/zfsp1/zfsvol1'/>
  <target dev='vde' bus='virtio'/>
</disk>
# Just like you, I got the zfs deny:
[2165239.463108] audit: type=1400 audit(1479809919.223:4083): apparmor="DENIED" operation="open" profile="/usr/lib/libvirt/virt-aa-helper" name="/dev/zd0" pid=16715 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Seeing that, I expect any kind of special /dev might be affected. I'm thinking of
special architectures like /dev/dasd on s390x.
I'd need to find where in the current profiles e.g. LVM is covered to add it
there.
Waiting for Simon to answer the questions I outlined before.
--
https://bugs.launchpad.net/bugs/1641618
Title:
Apparmor denials caused by virt-aa-helper trying to read zvol devices
(/dev/zdX) should be silenced
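Added example, not part of the original message or of libvirt's code: a small triage script that parses AppArmor audit records like the one quoted above and counts read denials of /dev nodes raised under the virt-aa-helper profile, grouped by device family. Only the first sample line comes from the message; the other log lines, the function names and the grouping rule (strip trailing digits) are assumptions made for illustration.

```python
import re
from collections import Counter

# Sample kernel log. Line 1 is the denial quoted in the message; the
# remaining lines are constructed to exercise the filters below.
SAMPLE_LOG = """\
[2165239.463108] audit: type=1400 audit(1479809919.223:4083): apparmor="DENIED" operation="open" profile="/usr/lib/libvirt/virt-aa-helper" name="/dev/zd0" pid=16715 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[2165240.000001] audit: type=1400 audit(1479809920.001:4084): apparmor="DENIED" operation="open" profile="/usr/lib/libvirt/virt-aa-helper" name="/dev/zd16" pid=16720 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[2165241.000002] audit: type=1400 audit(1479809921.002:4085): apparmor="DENIED" operation="open" profile="/usr/lib/libvirt/virt-aa-helper" name="/dev/dasda" pid=16730 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[2165242.000003] audit: type=1400 audit(1479809922.003:4086): apparmor="DENIED" operation="open" profile="/usr/sbin/cupsd" name="/etc/shadow" pid=900 comm="cupsd" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
[2165243.000004] audit: type=1400 audit(1479809923.004:4087): apparmor="ALLOWED" operation="open" profile="/usr/lib/libvirt/virt-aa-helper" name="/dev/dm-3" pid=16740 comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
"""

# key="quoted value" or key=bare_value, as used in audit records
FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HELPER_PROFILE = "/usr/lib/libvirt/virt-aa-helper"


def parse_record(line):
    """Return the key=value fields of one audit record as a dict of strings."""
    return {key: quoted or bare for key, quoted, bare in FIELD.findall(line)}


def helper_dev_denials(log_text):
    """Count DENIED reads of /dev nodes under the virt-aa-helper profile.

    Device names are grouped by stripping trailing digits, so /dev/zd0 and
    /dev/zd16 are both reported as /dev/zd*.
    """
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if (rec.get("apparmor") == "DENIED"
                and rec.get("profile") == HELPER_PROFILE
                and rec.get("name", "").startswith("/dev/")
                and "r" in rec.get("denied_mask", "")):
            counts[re.sub(r"\d+$", "", rec["name"]) + "*"] += 1
    return counts


if __name__ == "__main__":
    for pattern, hits in helper_dev_denials(SAMPLE_LOG).most_common():
        print(f"{hits:3d}  {pattern}")
```

The grouped patterns show which device families the helper was denied on, which is the information needed when deciding what the profile should cover.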