Hello Christian, On 2017-03-30 06:18 AM, ChristianEhrhardt wrote: > So the following might serve as a temporary workaround adding "/dev/zd[0-9]* > rw" to /etc/apparmor.d/abstractions/libvirt-qemu.
What I did something similar but less convenient. My goal was to keep the per-VM isolation so I added the corresponding "/dev/zdXX rw" rule to the /etc/apparmor.d/libvirt/libvirt-$uuid file and reload that profile. > I see that this needs dev-activity -> upstream-libvirt -> merge new > libvirt -> SRUs so I wanted to provide some sort of workaround. Yes, makes sense and your workaround is easier. Having this eventually land in a SRU would be greatly appreciated. > TODO: > - get aa-helper to consider pool zvols > - resolve symlink as we need the target in the rule That is correct, Apparmor always operate on the destination file. There should already be code in aa-helper to track down the destination file as I assume the situation is pretty similar to that of LVM. As always, thanks for the precise problem dissection and fast response! -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1677398 Title: Apparmor prevents using ZFS storage pools To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1677398/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
