The patch says to add:

  # to create and modify with 9p shares
  capability fowner,
  capability fsetid,

While AppArmor is enabled by default with libvirt in Ubuntu and the AppArmor profile will limit file operations to only what is specified in the profile regardless of whether fowner or fsetid is set, granting the capabilities gives them to all VMs regardless of whether they need 9pfs or not. I'm somewhat uncomfortable allowing this, at least until there is more information on why it is needed.

IIUC, the 9pfs filesystem can be used so multiple VMs can access the same filesystem. However, in libvirt all VMs either run as root (non-default configuration) or as a specific non-root user (the default configuration runs as libvirt-qemu on Ubuntu), so I'm confused as to why these capabilities are needed at all. Can you give more details on your environment and why these are needed?

** Changed in: libvirt (Ubuntu)
       Status: New => Incomplete

https://bugs.launchpad.net/bugs/1324251

Title:
  AppArmor denies guest from create/modify 9pfs files