I think they vhost_scsi might be covered by AppArmorSetSecurityHostLabel adding the rule as needed. I'm not so sure on vhost_vsock. Certainly worth to come up with a few tests and ensure that is true for all early/late access cases when implementing this.
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1815910 Title: Apparmor blocks access to /dev/vhost-net To manage notifications about this bug go to: https://bugs.launchpad.net/charm-nova-compute/+bug/1815910/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
