Comment 11 for bug 1515791

Leendert Keus (lj-keus) wrote : Re: apparmor for qemu is too restrictive for USB passthrough

The contents of /etc/apparmor.d/libvirt/libvirt-99917005-9251-4ea3-9e72-946b42061df1:
=======================================================================
#
# This profile is for the domain whose UUID matches this file.
#

#include <tunables/global>

profile libvirt-99917005-9251-4ea3-9e72-946b42061df1 {
  #include <abstractions/libvirt-qemu>
  #include <libvirt/libvirt-99917005-9251-4ea3-9e72-946b42061df1.files>

}
=======================================================================
The contents of /etc/apparmor.d/libvirt/libvirt-99917005-9251-4ea3-9e72-946b42061df1.files:
# DO NOT EDIT THIS FILE DIRECTLY. IT IS MANAGED BY LIBVIRT.
  "/var/log/libvirt/**/fedora20.log" w,
  "/var/lib/libvirt/**/fedora20.monitor" rw,
  "/var/run/libvirt/**/fedora20.pid" rwk,
  "/run/libvirt/**/fedora20.pid" rwk,
  "/var/run/libvirt/**/*.tunnelmigrate.dest.fedora20" rw,
  "/run/libvirt/**/*.tunnelmigrate.dest.fedora20" rw,
  "/vm/fedora/fed.qcow2" rw,
  "/var/lib/libvirt/qemu/channel/target/fedora20.org.qemu.guest_agent.0" rw,
  "/dev/bus/usb/004/003" rw,
  /dev/vhost-net rw,
  "/dev/net/tun" rw,
=======================================================================
Only a line for /dev/bus/usb/..., but no line for /run/udev/data/...

By the way, the line "/dev/bus/usb/*/[0-9]* rw," has always been in "/etc/apparmor.d/abstractions/libvirt-qemu" but for some reason was removed in Wily Werewolf, and in the line "/dev/bus/usb/ rw,", the mentioned "rw" is not required; "r" is enough by default. So only something for /run/udev/data/... is needed.
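The generated ".files" profile above lists the USB device node but no udev database entry for it. The script below is an added example, not part of this bug report and not libvirt's virt-aa-helper code: it audits such a per-domain profile and reports every /dev/bus/usb/BBB/DDD rule that has no matching rule for the udev data file of that device. It assumes the kernel's USB device node numbering (character major 189, minor = (bus - 1) * 128 + (devnum - 1)) and udev's database file naming /run/udev/data/c<major>:<minor>; the sample profile embedded at the bottom is constructed to resemble the one in the report.

```shell
#!/bin/sh
# Added example (not from the bug report or from libvirt): audit a libvirt
# per-domain AppArmor ".files" profile for USB passthrough rules that lack
# the udev database file the guest process also needs to read.
#
# Assumptions (documented facts about the kernel and udev, not from the
# report): /dev/bus/usb/BBB/DDD is character device major 189 with
# minor (BBB-1)*128 + (DDD-1), and udev stores the device's database
# record at /run/udev/data/c<major>:<minor>.

# usb_minor BUS DEVNUM -> minor number of /dev/bus/usb/BUS/DEVNUM
# (awk parses the zero-padded directory names as plain decimal)
usb_minor() {
    awk -v b="$1" -v d="$2" 'BEGIN { print (b - 1) * 128 + (d - 1) }'
}

# udev_data_path BUS DEVNUM -> udev database file for that device node
udev_data_path() {
    echo "/run/udev/data/c189:$(usb_minor "$1" "$2")"
}

# audit_profile FILE -> one "missing:" line per /dev/bus/usb rule whose
# udev data path does not appear anywhere in FILE; prints nothing when
# every USB device rule is paired. Only exact paths are recognised; a
# wildcard rule such as /run/udev/data/c189:* would be reported as missing.
audit_profile() {
    grep -o '/dev/bus/usb/[0-9][0-9]*/[0-9][0-9]*' "$1" | sort -u |
    while IFS=/ read -r _ _ _ _ bus dev; do
        path=$(udev_data_path "$bus" "$dev")
        if ! grep -Fq "$path" "$1"; then
            printf 'missing: "%s" r,   (needed for /dev/bus/usb/%s/%s)\n' \
                "$path" "$bus" "$dev"
        fi
    done
}

# Constructed sample resembling the generated .files profile in the report:
# device 004/003 has no udev rule, device 001/002 is paired with c189:1.
sample_profile() {
    cat <<'EOF'
  "/vm/fedora/fed.qcow2" rw,
  "/dev/bus/usb/004/003" rw,
  "/dev/bus/usb/001/002" rw,
  "/run/udev/data/c189:1" r,
  /dev/vhost-net rw,
EOF
}

# Usage: sh audit_usb_profile.sh /etc/apparmor.d/libvirt/libvirt-<uuid>.files
# Without an argument the constructed sample is audited instead.
if [ $# -eq 1 ]; then
    audit_profile "$1"
elif [ $# -eq 0 ]; then
    tmp=$(mktemp)
    sample_profile > "$tmp"
    audit_profile "$tmp"
    rm -f "$tmp"
fi
```

Run against the sample, the script reports only `/run/udev/data/c189:386` (bus 4, device 3 gives minor 3*128 + 2 = 386) as missing, which is the read rule the report says libvirt's generated profile lacks; running it against a real `/etc/apparmor.d/libvirt/libvirt-<uuid>.files` shows whether a given domain's profile has the same gap.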