I successfully verified the fix on Jammy
$ sudo apt install -y libvirt-daemon
....
$ apt policy libvirt-daemon
libvirt-daemon:
Installed: 8.0.0-1ubuntu7.14
Candidate: 8.0.0-1ubuntu7.14
Version table:
*** 8.0.0-1ubuntu7.14 500
500 http://archive.ubuntu.com/ubuntu jammy-proposed/main amd64 Packages
100 /var/lib/dpkg/status
8.0.0-1ubuntu7.13 500
500 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
I run several times this command for an existing libvirt VM:
$ sudo /usr/lib/libvirt/virt-aa-helper -r -u
libvirt-c5e1bd37-b39a-46de-a085-9651ea1b6077 -F /dev/fuse < vm.xml
And the AA profile only contains one occurance of of /dev/fuse:
$ cat
/etc/apparmor.d/libvirt/libvirt-c5e1bd37-b39a-46de-a085-9651ea1b6077.files
# DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
"/var/log/libvirt/**/tdvirsh-regular_vm-c5e1bd37-b39a-46de-a085-9651ea1b6077.log"
w,
"/var/lib/libvirt/qemu/domain-tdvirsh-regular_vm-c5e1bd37-b39a-46de-a085-9651ea1b6077/monitor.sock"
rw,
"/var/lib/libvirt/qemu/domain-1-tdvirsh-regular_vm-c/*" rw,
"/run/libvirt/**/tdvirsh-regular_vm-c5e1bd37-b39a-46de-a085-9651ea1b6077.pid"
rwk,
"/run/libvirt/**/*.tunnelmigrate.dest.tdvirsh-regular_vm-c5e1bd37-b39a-46de-a085-9651ea1b6077"
rw,
"/usr/share/ovmf/OVMF.fd" rk,
# don't audit writes to readonly files
deny "/usr/share/ovmf/OVMF.fd" w,
"/dev/net/tun" rwk,
"/dev/net/tun" rwk,
"/dev/fuse" rwk,
** Tags removed: verification-needed verification-needed-jammy
** Tags added: verification-done verification-done-jammy
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/2120278
Title:
Apparmor /dev/net/tun overflow
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/2120278/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
