I checked vsock devices, those are fully mediated by libvirt and only an
already open FD is passed when using those.
Without apparmor allowing a new open to qemu I have:
sudo lsof -p 9445 +fg | grep vhost
qemu-syst 9445 libvirt-qemu 19u CHR RW,LG 10,241
0t0 503 /dev/vhost-vsock
For:
<vsock model='virtio'>
<cid auto='yes'/>
</vsock>
So vsock is good as-is
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1815910
Title:
Apparmor blocks access to /dev/vhost-net
To manage notifications about this bug go to:
https://bugs.launchpad.net/charm-nova-compute/+bug/1815910/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
