Ubuntu
libvirt package

  1. Bug #1513367
  2. Comment #21

Comment 21 for bug 1513367

Revision history for this message
Serge Hallyn (serge-hallyn) wrote : Re: [Bug 1513367] Re: qemu-system-x86_64/kvm-spice failed to boot a vm with appmor enabled

Quoting James Page (<email address hidden>):
> 2) vhost-user device access
>
> The configuration for the vhost-user device created in OVS will also be
> blocked by apparmor:
>
> -chardev socket,id=charnet0,path=/var/run/openvswitch/vhu5392206b-dc
> -netdev type=vhost-user,id=hostnet0,chardev=charnet0 -device virtio-net-
> pci,netdev=hostnet0,id=net0,mac=fa:16:3e:e5:41:f1,bus=pci.0,addr=0x3
>
> I'm assuming these will always be located in /var/run/openvswitch - but
> that's probably a little to generic for an apparmor rule - do they
> always follow as particular naming convention?

virt-aa-helper should be providing access for this one, not a blanket
allow rule.