Comment 17 for bug 545795

Andreas Ntaflos (daff) wrote : Re: apparmor driver blocks access to hostdev and pcidev devices

Interestingly, or perhaps not, merely running /etc/init.d/apparmor stop isn't enough. I stop AppArmor, restart Libvirt and then start my VMs. However, upon starting a VM, an AppArmor profile still gets loaded and thus AppArmor denies access to the USB device I want to pass through. I have to run /etc/init.d/apparmor stop again after the VM has been started. Then access to the USB device is allowed.

Looks weird to me but I haven't yet fully understood how and when AppArmor profiles are loaded. But I don't understand why it would deny access to a directory structure that is explicitly permitted in the profile:

May 4 15:56:27 TESTHOST kernel: [75138.174346] type=1503 audit(1272981387.661:879): operation="open" pid=8053 parent=1 profile="libvirt-959806d1-327a-cd14-6b3f-ddeee8a19d0e" requested_mask="r::" denied_mask="r::" fsuid=0 ouid=0 name="/sys/devices/pci0000:00/0000:00:1e.0/0000:01:04.4/usb6/devnum"

Unfortunately this is quite the blocker for me.