apparmor, libvirt-qemu: Allow macvtap access
Bug #1704744 reported by
Christian Ehrhardt
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| libvirt (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
apparmor, libvirt-qemu: Allow macvtap access
Add rule to allow access to /dev/tap* used by macvtap.
SubmissionInfo: should be fixed via virt-aa-helper
Old Bug-Ubuntu: https:/
| tags: | added: virt-aa-helper |
| Changed in libvirt (Ubuntu): | |
| status: | New → Triaged |
Revision history for this message
| Christian Ehrhardt (paelzer) wrote | #1 |
Revision history for this message
| Christian Ehrhardt (paelzer) wrote | #2 |
| Changed in libvirt (Ubuntu): | |
| status: | Triaged → Fix Released |
To post a comment you must log in.
I found two styles to define, the latter being the more common one I knew.
Testing both to be sure.
1. macvtap via forward mode bridge network
<network>
<name>
<uuid>
<forward dev='eno2' mode='bridge'>
<interface dev='eno2'/>
</forward>
</network>
Then in the guest
<interface type='network'>
<source network=
<model type='virtio'/>
</interface>
2. macvtap via direct guest interface
<interface type='direct' >
<source dev='eno3'/>
</interface>
Both work nowadays.
This already generates (changing as needed):
/etc/apparmor.
/etc/apparmor.
This is actually doen since ages via domainSetSecuri
Time to drop the following patch next merge:
0002-