[Bug 1762769] Re: missing entry at apparmor profile for nova instances

[Stefan Hoffmann]

Thanks for your reply.

Actually I use libvirt 1.3. There an entry for the instance console.log is 
createt at apparmor.d.
/etc/apparmor.d/libvirt/libvirt-4612b952-1df7-4f30-a6af-8af2616b41a4.files:

# DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
  "/var/log/libvirt/**/instance-00000004.log" w,
  "/var/lib/libvirt/qemu/domain-instance-00000004/monitor.sock" rw,
  "/var/run/libvirt/**/instance-00000004.pid" rwk,
  "/run/libvirt/**/instance-00000004.pid" rwk,
  "/var/run/libvirt/**/*.tunnelmigrate.dest.instance-00000004" rw,
  "/run/libvirt/**/*.tunnelmigrate.dest.instance-00000004" rw,
  "/var/lib/nova/instances/4612b952-1df7-4f30-a6af-8af2616b41a4/disk" rw,
  "/var/lib/nova/instances/_base/a384e02b9e9b6097573a68b9e7ade76432f819a0" r,
  "/var/lib/nova/instances/4612b952-1df7-4f30-a6af-8af2616b41a4/console.log" rw,
  "/var/lib/nova/instances/4612b952-1df7-4f30-a6af-8af2616b41a4/console.log" rw,
  # for qemu guest agent channel
  owner "/var/lib/libvirt/qemu/channel/target/domain-instance-00000004/**" rw,
  /dev/vhost-net rw,
  "/dev/net/tun" rw,

Has this changed with version 3? I can't find any entry at apparmor.d that 
allows all (or one) instances access to the 
/var/lib/nova/instances/{id}/console.log at libvirt version 3.
Is there any way to configure libvirt to change the apparmor profiles?

The other informations you wanted i will provide soon.

-- 
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1762769

Title:
  missing entry at apparmor profile for nova instances

To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-archive/+bug/1762769/+subscriptions

-- 
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs