Release Notes for Ubuntu

Overview
Code
Bugs
Blueprints
Translations
Answers

Bug #656173
Comment #4

Comment 4 for bug 656173

Revision history for this message

James Page (james-page) wrote on 2010-10-07: Re: virt-aa-helper generate incomplete apparmor profiles with chained backing files

OK; I've now managed to re-produce the issue; It appears that virt-aa-helper only parses backing_files one level; in this case the full chain is two levels/three files, so the base qcow2 image is not included in the apparmor profile:

  "/var/log/libvirt/**/test.log" w,
  "/var/lib/libvirt/**/test.monitor" rw,
  "/var/run/libvirt/**/test.pid" rwk,
  "/home/jamespage/vms/test.qcow2" rw,
  "/home/jamespage/vms/test_base.qcow2" r,
  # don't audit writes to readonly files
  deny "/home/jamespage/vms/test_base.qcow2" w,

I incidentally found a potential bug in virt-install; it does not appear to recognise .qcow2 files and generates an xml definition with the disk type as raw.