FYI - dir based pools already work if they are in a common and expected path, as seen in /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper:

  @{HOME}/ r,
  @{HOME}/** r,
  /var/lib/libvirt/images/ r,
  /var/lib/libvirt/images/** r,
  # nova base images (LP: #907269)
  /var/lib/nova/images/** r,
  /var/lib/nova/instances/_base/** r,
  # nova snapshots (LP: #1244694)
  /var/lib/nova/instances/snapshots/** r,
  # nova base/snapshot files in snapped nova (LP: #1644507)
  /var/snap/nova-hypervisor/common/instances/_base/** r,
  /var/snap/nova-hypervisor/common/instances/snapshots/** r,
  # eucalyptus (LP: #564914)
  /var/lib/eucalyptus/instances/**/disk* r,
  # eucalyptus loader (LP: #637544)
  /var/lib/eucalyptus/instances/**/loader* r,
  # for uvtool
  /var/lib/uvtool/libvirt/images/** r,
  # for multipass
  /var/snap/multipass/common/data/multipassd/vault/instances/** r,
  /{media,mnt,opt,srv}/** r,
  # For virt-sandbox
  /{,var/}run/libvirt/**/[sv]d[a-z] r,

If you need to run out of a more uncommon path you just need to add yours to /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper (more at https://ubuntu.com/server/docs/virtualization-libvirt).
That will allow virt-aa-helper to track these paths and add rules as needed.
This is working for various common use cases such as uvtool or nova already.

Nevertheless I find it interesting to "see what happens" if calling into virDomainDiskTranslateSourcePool, so if you have some time please consider answering my questions above.

--
https://bugs.launchpad.net/bugs/1677398

Title:
  Apparmor prevents using storage pools and hostdev networks
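
The coverage check implied by the message above, as an added example that is not part of the original message or of libvirt: it tests an image path against the read rules quoted from the profile and, if none match, returns the two lines to put in /etc/apparmor.d/local/usr.lib.libvirt.virt-aa-helper. Assumptions: the globbing is a simplified approximation of AppArmor's, the two @{HOME} rules are skipped, and the function names are hypothetical.

```python
import posixpath
import re

# Added illustration. Read rules copied from the profile excerpt in the
# message; the @{HOME} rules are omitted (expanded from the host's tunables).
RULES = [
    "/var/lib/libvirt/images/", "/var/lib/libvirt/images/**",
    "/var/lib/nova/images/**", "/var/lib/nova/instances/_base/**",
    "/var/lib/nova/instances/snapshots/**",
    "/var/snap/nova-hypervisor/common/instances/_base/**",
    "/var/snap/nova-hypervisor/common/instances/snapshots/**",
    "/var/lib/eucalyptus/instances/**/disk*",
    "/var/lib/eucalyptus/instances/**/loader*",
    "/var/lib/uvtool/libvirt/images/**",
    "/var/snap/multipass/common/data/multipassd/vault/instances/**",
    "/{media,mnt,opt,srv}/**", "/{,var/}run/libvirt/**/[sv]d[a-z]",
]
TOKEN = re.compile(r"\*\*|\*|\?|\{|\}|,|\[[^\]]*\]|.")

def glob_to_regex(glob):
    """Simplified AppArmor globbing (an approximation, not the parser's code):
    ** crosses '/', * and ? do not, {a,b} alternates, [...] is a class."""
    table = {"**": ".*", "*": "[^/]*", "?": "[^/]", "{": "(?:", "}": ")"}
    depth, out = 0, []
    for tok in TOKEN.findall(glob):
        depth += {"{": 1, "}": -1}.get(tok, 0)
        if tok in table:
            out.append(table[tok])
        elif tok == "," and depth:          # comma only alternates inside {}
            out.append("|")
        elif tok.startswith("[") and len(tok) > 1:
            out.append(tok)                 # character class passes through
        else:
            out.append(re.escape(tok))
    return re.compile("".join(out))

def covering_rules(path):
    """Listed rules that already give virt-aa-helper read access to path."""
    return [r for r in RULES if glob_to_regex(r).fullmatch(path)]

def local_override(image_path):
    """Lines for local/usr.lib.libvirt.virt-aa-helper, or [] if covered."""
    if covering_rules(image_path):
        return []
    d = posixpath.dirname(image_path)
    return [f"{d}/ r,", f"{d}/** r,"]
```

After editing the local file, the profile has to be reloaded before the new rules take effect.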