Ok, bionic.
The last update in regard to apparmor there was pre-release, at the end of March.
I'm not seeing what would break you.

Well, let's look at the XML of yours ...
Ok I found your issue, but it should (tm) never have worked.

You have this:
  <qemu:commandline>
    <qemu:arg value='-drive'/>
    <qemu:arg value='file=/var/lib/libvirt/images/nvme0.qcow2,if=none,id=nvme0,format=qcow2'/>
    <qemu:arg value='-device'/>
    <qemu:arg value='nvme,drive=nvme0,serial=nvme0,cmb_size_mb=0'/>
  </qemu:commandline>

Which makes qemu access /var/lib/libvirt/images/nvme0.qcow2.

Libvirt (and also virt-aa-helper, which is part of libvirt) doesn't know about 
things in the qemu: xml namespace.
Therefore it doesn't generate you a rule for /var/lib/libvirt/images/nvme0.qcow2.
You can either try to consume it via libvirt xml entries (but I assume you need 
the nvme type configs that libvirt doesn't expose yet) OR you can allow guests 
in general to access /var/lib/libvirt/images/nvme0.qcow2 or any similar pattern 
by modifying /etc/apparmor.d/abstractions/libvirt-qemu and adding a rule.

I really doubt this can be update-related, as the same would not have
worked since libvirt/qemu have had apparmor support, which seems like a
decade ago.

I hope that helps you to fix your guest-config to get going again.

-- 
https://bugs.launchpad.net/bugs/1772936

Title:
  Apparmor enforcement blocks image permissions in libvirtd
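
Added example, not part of the original message and not libvirt's own code: a small script that lists the file= paths which appear only inside <qemu:commandline> (and so get no generated AppArmor rule) and prints candidate rule lines for /etc/apparmor.d/abstractions/libvirt-qemu. The sample XML is constructed from the snippet above, the function names are hypothetical, and the rwk permission set is an assumption to review before use.

```python
import xml.etree.ElementTree as ET

# Namespace URI that libvirt uses for the qemu: passthrough elements.
QEMU_NS = "http://libvirt.org/schemas/domain/qemu/1.0"

# Constructed sample: one libvirt-managed disk plus the passthrough args from the message.
SAMPLE_XML = """<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>
  <name>guest</name>
  <devices>
    <disk type='file' device='disk'>
      <source file='/var/lib/libvirt/images/root.qcow2'/>
    </disk>
  </devices>
  <qemu:commandline>
    <qemu:arg value='-drive'/>
    <qemu:arg value='file=/var/lib/libvirt/images/nvme0.qcow2,if=none,id=nvme0,format=qcow2'/>
    <qemu:arg value='-device'/>
    <qemu:arg value='nvme,drive=nvme0,serial=nvme0,cmb_size_mb=0'/>
  </qemu:commandline>
</domain>"""


def passthrough_paths(domain_xml):
    """Return absolute file= paths found only in qemu:commandline arguments."""
    root = ET.fromstring(domain_xml)
    # Paths declared through regular <source file=...> elements are already
    # visible to libvirt, so they are excluded here.
    known = {s.get("file") for s in root.iter("source") if s.get("file")}
    found = []
    for arg in root.iter(f"{{{QEMU_NS}}}arg"):
        # Simplification: splits on every comma, so a path containing an
        # escaped comma (",,") is not handled.
        for opt in arg.get("value", "").split(","):
            key, _, val = opt.partition("=")
            if key == "file" and val.startswith("/") and val not in known and val not in found:
                found.append(val)
    return found


def apparmor_rules(paths, perms="rwk"):
    """Format one quoted AppArmor file rule per path (perms is an assumption)."""
    return [f'"{p}" {perms},' for p in paths]


if __name__ == "__main__":
    for rule in apparmor_rules(passthrough_paths(SAMPLE_XML)):
        print(rule)
```

Rules added to the abstraction apply to every guest on the host, so keep the path as narrow as the setup allows.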
