Comment 6 for bug 1677398
Revision history for this message
| Simon Déziel (sdeziel) wrote Re: [Bug 1677398] Re: Apparmor prevents using ZFS storage pools | #6 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
f33e652
(Get the code!)
Hello Christian,
On 2017-03-30 06:18 AM, ChristianEhrhardt wrote:
> So the following might serve as a temporary workaround adding "/dev/zd[0-9]* rw" to /etc/apparmor.
What I did something similar but less convenient. My goal was to keep
the per-VM isolation so I added the corresponding "/dev/zdXX rw" rule to
the /etc/apparmor.
> I see that this needs dev-activity -> upstream-libvirt -> merge new
> libvirt -> SRUs so I wanted to provide some sort of workaround.
Yes, makes sense and your workaround is easier. Having this eventually
land in a SRU would be greatly appreciated.
> TODO:
> - get aa-helper to consider pool zvols
> - resolve symlink as we need the target in the rule
That is correct, Apparmor always operate on the destination file. There
should already be code in aa-helper to track down the destination file
as I assume the situation is pretty similar to that of LVM.
As always, thanks for the precise problem dissection and fast response!