Apparmor profile does not authorize access to shared filesystems
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
libvirt (Ubuntu) | Triaged | Medium | Unassigned |
Bug Description
Adding a filesystem share to a guest does not translate into the required AppArmor access rules in the guest profile.
After adding the following to the guest definition:
<filesystem type='mount' accessmode=
<source dir='/home/
<target dir='/mnt/9p'/>
</filesystem>
Accessing the 9p filesystem in the guest gives this error in the host:
Feb 29 18:25:40 simon-laptop kernel: [35709.852192] type=1400 audit(133055794
A (not recommended) workaround is to add this to the /etc/apparmor.
"/home/simon/9p/" rwkl,
"/home/
Ideally, virt-aa-helper would be aware of those 9p filesystems and should generate the appropriate ruleset.
$ lsb_release -rd
Description: Ubuntu 11.10
Release: 11.10
$ apt-cache policy libvirt-bin
libvirt-bin:
Installed: 0.9.2-4ubuntu15.2
Candidate: 0.9.2-4ubuntu15.2
Version table:
*** 0.9.2-4ubuntu15.2 0
500 http://
100 /var/lib/
0.
500 http://
ProblemType: Bug
DistroRelease: Ubuntu 11.10
Package: libvirt-bin 0.9.2-4ubuntu15.2
ProcVersionSign
Uname: Linux 3.0.0-16-generic x86_64
ApportVersion: 1.23-0ubuntu4
Architecture: amd64
Date: Wed Feb 29 18:23:43 2012
InstallationMedia: Ubuntu 11.10 "Oneiric Ocelot" - Release amd64 (20111011)
ProcEnviron:
LANGUAGE=en_CA:en
PATH=(custom, no user)
LANG=en_CA.UTF-8
SHELL=/bin/bash
SourcePackage: libvirt
UpgradeStatus: No upgrade log present (probably fresh install)
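The rule generation the report asks for can be sketched as follows. This is an added example, not code from the report, libvirt or virt-aa-helper; the function name and the sample paths are assumptions, and the `rwkl` permissions mirror the workaround quoted in the description.

```python
import xml.etree.ElementTree as ET

# Characters with special meaning in AppArmor path rules, plus quote/backslash/newline.
UNSAFE_CHARS = set('*?[]{}^"\\\n')

def apparmor_rules_for_filesystems(domain_xml):
    """Return AppArmor rule lines for every <filesystem type='mount'> source dir."""
    rules = []
    for fs in ET.fromstring(domain_xml).findall("./devices/filesystem"):
        if fs.get("type") != "mount":
            continue
        source = fs.find("source")
        path = source.get("dir") if source is not None else None
        if not path or not path.startswith("/") or UNSAFE_CHARS & set(path):
            raise ValueError(f"refusing filesystem source {path!r}")
        parts = [p for p in path.split("/") if p not in ("", ".")]
        # ".." is rejected, not resolved (a symlink could change where it
        # points), and an empty result would mean sharing the host root.
        if not parts or ".." in parts:
            raise ValueError(f"refusing filesystem source {path!r}")
        path = "/" + "/".join(parts)
        # <readonly/> exports get read-only rules; writable ones reuse the
        # rwkl permissions from the workaround (assumption of this example).
        perms = "r" if fs.find("readonly") is not None else "rwkl"
        rules.append(f'"{path}/" r,')
        rules.append(f'"{path}/**" {perms},')
    return rules

# Constructed sample domain definition; names and paths are made up.
SAMPLE_DOMAIN = """
<domain type='kvm'>
  <name>demo</name>
  <devices>
    <filesystem type='mount' accessmode='passthrough'>
      <source dir='/srv/share/9p/'/>
      <target dir='/mnt/9p'/>
    </filesystem>
    <filesystem type='mount' accessmode='mapped'>
      <source dir='/srv/readonly'/>
      <target dir='ro'/>
      <readonly/>
    </filesystem>
  </devices>
</domain>
"""

if __name__ == "__main__":
    print("\n".join(apparmor_rules_for_filesystems(SAMPLE_DOMAIN)))
```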
Changed in libvirt (Ubuntu):
importance: Low → Medium
status: Confirmed → Triaged
summary:
- Apparmor profile does not authorize access to 9p shared filesystems
+ Apparmor profile does not authorize access to shared filesystems
Hi Jamie,
I only assigned this bug to quickly seek your advice. Does this seem like something which might have an easy solution?