Hi Vasyl,

Let me start with confirming - you are just right - this is a problem.
Although not an intense or common one.

It was discussed back then if leaving the tun interface available for those who
had it before is a problem and it was not considered a big one.
But yeah, with enough add/remove it could get too much and break entirely.

The problem is that libvirt apparmor handling has two ways: the initial set,
which is converting the XML description into rules - that works fine. The later
add/removal are just events and the removal usually does not carry much info,
so it can be (depends on the case) hard to map it back to what to remove.
I have not checked that case, so it might be easy here (or not).

Sadly these efforts just do not fit well for quite a while, only the
more breaking, more common issues are tackled. This is somewhere in
between, but I agree it would be worth at least checking if it is one of
the easier or more challenging cases.

I'm tagging this libvirt-apparmor-dev to be together with a similar group
of "this actually would need a major dev effort around libvirt/apparmor
to be better" bugs.

** Changed in: libvirt (Ubuntu)
Status: New => Confirmed

** Changed in: libvirt (Ubuntu)
Importance: Undecided => Low
--
https://bugs.launchpad.net/bugs/2120278
Title:
Apparmor /dev/net/tun overflow