Thanks Jamie for providing an approach that is a compromise between upstream's needs and Ubuntu as a downstream - as well as at the same time being a tradeoff between comfort and security.
I'll implement this as a downstream change in 19.10:
- add the comment to the config (thanks for writing it up)
- change the code to allow it in any case
But for older releases I'd decide that we don't want to change this through an SRU.
There the solution for users who depend on it is to add
/dev/vhost-net rw,
to
If existing (>= 18.10)
/etc/apparmor.d/local/abstractions/libvirt-qemu
or otherwise to
/etc/apparmor.d/abstractions/libvirt-qemu
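
The manual workaround for older releases described in the comment above, as an added shell example (not part of the original comment and not libvirt's or Ubuntu's own tooling). The function names and the optional root-directory argument are assumptions made for illustration; the rule and the two file paths are the ones given in the comment.

```shell
#!/bin/sh
# Added example: append the rule from the comment to the right abstraction
# file, exactly once. Run as root to change the live /etc.
RULE='/dev/vhost-net rw,'

# Print the file to edit under ROOT (empty = live system). The local
# override is preferred when it exists (>= 18.10 per the comment).
vhost_net_target() {
    root="${1:-}"
    local_file="$root/etc/apparmor.d/local/abstractions/libvirt-qemu"
    base_file="$root/etc/apparmor.d/abstractions/libvirt-qemu"
    if [ -f "$local_file" ]; then
        printf '%s\n' "$local_file"
    elif [ -f "$base_file" ]; then
        printf '%s\n' "$base_file"
    else
        return 1
    fi
}

# Append RULE unless an uncommented copy is already present.
# Abstractions are bare rule fragments, so appending at the end is valid.
add_vhost_net_rule() {
    target="$(vhost_net_target "${1:-}")" || {
        echo "no libvirt-qemu abstraction found" >&2
        return 1
    }
    if grep -Eq '^[[:space:]]*/dev/vhost-net[[:space:]]+rw,[[:space:]]*$' "$target"; then
        echo "rule already present in $target"
        return 0
    fi
    # Do not glue the rule onto an unterminated last line.
    if [ -n "$(tail -c1 "$target")" ]; then
        echo >> "$target"
    fi
    printf '%s\n' "$RULE" >> "$target"
    echo "added rule to $target"
}

# Usage: add_vhost_net_rule            (live system)
#        add_vhost_net_rule /mnt/root  (hypothetical alternate root)
```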