Public bug reported:

I'm using libvirt 10.0.0 from noble

```
root@vs-ps-czma3v4h7hzz-1-4gc232su7ouh-server-px5drx7avo4b:/# libvirtd --version
libvirtd (libvirt) 10.0.0
root@vs-ps-czma3v4h7hzz-1-4gc232su7ouh-server-px5drx7avo4b:/# dpkg -l |grep libvirt
ii  libvirt-clients                 10.0.0-2ubuntu8.8  amd64  Programs for the libvirt library
ii  libvirt-daemon                  10.0.0-2ubuntu8.8  amd64  Virtualization daemon
ii  libvirt-daemon-config-network   10.0.0-2ubuntu8.8  all    Libvirt daemon configuration files (default network)
ii  libvirt-daemon-config-nwfilter  10.0.0-2ubuntu8.8  all    Libvirt daemon configuration files (default network filters)
ii  libvirt-daemon-driver-qemu      10.0.0-2ubuntu8.8  amd64  Virtualization daemon QEMU connection driver
ii  libvirt-daemon-system           10.0.0-2ubuntu8.8  amd64  Libvirt daemon configuration files
ii  libvirt-daemon-system-systemd   10.0.0-2ubuntu8.8  all    Libvirt daemon configuration files (systemd)
ii  libvirt0:amd64                  10.0.0-2ubuntu8.8  amd64  library for interfacing with different virtualization systems
```

Libvirt configuration

```
root@vs-ps-czma3v4h7hzz-1-4gc232su7ouh-server-px5drx7avo4b:/# cat /etc/libvirt/qemu.conf
default_tls_x509_cert_dir = "/etc/pki/qemu"
default_tls_x509_verify = 1
group = "kvm"
security_driver = "apparmor"
stdio_handler = "logd"
user = "nova"
vnc_listen = "0.0.0.0"
vnc_tls = 1
vnc_tls_x509_verify = 1root@vs-ps-czma3v4h7hzz-1-4gc232su7ouh-server-px5drx7avo4b:/#
root@vs-ps-czma3v4h7hzz-1-4gc232su7ouh-server-px5drx7avo4b:/# cat /etc/libvirt/libvirtd.conf
auth_tcp = "none"
keepalive_count = 9
keepalive_interval = 10
listen_addr = "10.10.0.191"
listen_tcp = 0
listen_tls = 1
log_level = 3
log_outputs = "1:file:/var/log/libvirt/libvirtd.log"
root@vs-ps-czma3v4h7hzz-1-4gc232su7ouh-server-px5drx7avo4b:/# cat /etc/libvirt/libvirt.conf
#
# This can be used to setup URI aliases for frequently
# used connection URIs. Aliases may contain only the
# characters a-Z, 0-9, _, -.
#
# Following the '=' may be any valid libvirt connection
# URI, including arbitrary parameters

#uri_aliases = [
#  "hail=qemu+ssh://[email protected]/system",
#  "sleet=qemu+ssh://[email protected]/system",
#]

#
# These can be used in cases when no URI is supplied by the application
# (@uri_default also prevents probing of the hypervisor driver).
#
#uri_default = "qemu:///system"
```

Each time a NIC is added to the VM, a new /dev/net/tun appears in /etc/apparmor.d/libvirt/libvirt-1157526e-4520-4fbf-8bd4-b606d37ad6b1.files

When the interface is detached, the /dev/net/tun is not removed.

There are two problems related to this:

1. Even when all interfaces are removed from the domain, it has allowed rules for the tun device (which it should not)
2. Overflow is possible: when many attach/detach actions are executed, the file size may grow up to the 10Mb limit and apparmor will refuse any other changes.

** Affects: libvirt (Ubuntu)
     Importance: Undecided
         Status: New

https://bugs.launchpad.net/bugs/2120278

Title:
  Apparmor /dev/net/tun overflow
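A host-side check for the growth described in the report, as an added example that is not part of the original bug report or of libvirt: it counts `/dev/net/tun` lines and exact duplicate lines in each per-domain `.files` include and flags files for review. The rule line format in the constructed sample and the 1 MiB warning threshold are assumptions.

```shell
#!/bin/sh
# Added example: audit per-domain AppArmor include files for repeated rules.
# Usage: sh audit.sh /etc/apparmor.d/libvirt [warn_bytes]

# count_tun_rules FILE -> number of lines that mention /dev/net/tun
count_tun_rules() {
    grep -c -F '/dev/net/tun' "$1" || true   # grep exits 1 on zero matches
}

# count_duplicate_lines FILE -> non-empty lines that exactly repeat an earlier line
count_duplicate_lines() {
    awk 'NF && seen[$0]++ { dups++ } END { print dups + 0 }' "$1"
}

# audit_dir DIR [WARN_BYTES] -> "<file> size=<n> tun=<n> dup=<n> <OK|REVIEW>" per file
# WARN_BYTES defaults to 1 MiB (assumption), well below the 10Mb limit in the report.
audit_dir() {
    dir=$1
    warn_bytes=${2:-1048576}
    for f in "$dir"/libvirt-*.files; do
        [ -f "$f" ] || continue              # glob matched nothing
        size=$(wc -c < "$f" | tr -d ' ')
        tun=$(count_tun_rules "$f")
        dup=$(count_duplicate_lines "$f")
        verdict=OK
        # More than one tun line means the rule was appended again; compare the
        # count with the domain's current interfaces (virsh domiflist) to confirm.
        if [ "$tun" -gt 1 ] || [ "$size" -ge "$warn_bytes" ]; then
            verdict=REVIEW
        fi
        printf '%s size=%s tun=%s dup=%s %s\n' "${f##*/}" "$size" "$tun" "$dup" "$verdict"
    done
}

# make_sample DIR: constructed files imitating three NIC attaches to one domain
# and a second domain with no NIC (paths and rule syntax are constructed).
make_sample() {
    printf '  "/dev/net/tun" rwk,\n  "/dev/net/tun" rwk,\n  "/dev/net/tun" rwk,\n' \
        > "$1/libvirt-sample-a.files"
    printf '  "/var/lib/example/disk" rw,\n' > "$1/libvirt-sample-b.files"
}

# Run the audit only when a directory is given on the command line.
if [ "$#" -gt 0 ]; then
    audit_dir "$@"
fi
```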
