Since that was not considered an interface that strictly needed to be blocked,
it is even added to the general profiles that are already included.
There is no need to add it even once on the hot-add of the device.
apparmor/usr.sbin.virtqemud.in:132: /dev/net/tun rw,
apparmor/libvirt-qemu:26: /dev/net/tun rw,
So yes, there could be some related cleanup for sure.
Let me add some more for reproducing this:
$ grep dev.*tun ../abstractions/libvirt-qemu
/dev/net/tun rw,
Normal basic guest - in my case called q2 with the following uuid -
right after start
$ grep dev.*tun libvirt-33884b16-ff6e-4947-bd0d-ec8dedba0395.files
"/dev/net/tun" rwk,
Config for a second network dev to add
$ cat net-add-test.xml
<interface type='network'>
<source network='default' bridge='virbr0'/>
<target dev='vnet1'/>
<model type='virtio'/>
<alias name='net1'/>
</interface>
$ virsh attach-device q2 net-add-test.xml
Device attached successfully
$ grep dev.*tun libvirt-33884b16-ff6e-4947-bd0d-ec8dedba0395.files
"/dev/net/tun" rwk,
"/dev/net/tun" rwk,
$ for i in $(seq 1 10); do virsh attach-device q2 net-add-test.xml; virsh detach-device q2 net-add-test.xml; done
$ grep dev.*tun libvirt-33884b16-ff6e-4947-bd0d-ec8dedba0395.files
"/dev/net/tun" rwk,
"/dev/net/tun" rwk,
"/dev/net/tun" rwk,
"/dev/net/tun" rwk,
"/dev/net/tun" rwk,
"/dev/net/tun" rwk,
"/dev/net/tun" rwk,
"/dev/net/tun" rwk,
"/dev/net/tun" rwk,
"/dev/net/tun" rwk,
"/dev/net/tun" rwk,
"/dev/net/tun" rwk,
** Changed in: libvirt (Ubuntu)
Importance: Low => Medium
--
https://bugs.launchpad.net/bugs/2120278
Title:
Apparmor /dev/net/tun overflow
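Added example (not part of the original bug comment and not libvirt's own code): a shell check that lists rules repeated in a per-guest libvirt-<uuid>.files rule file, as in the grep output above. The function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: find rules that occur more than once in a libvirt
# per-guest AppArmor rule file (libvirt-<uuid>.files).

# dup_rules FILE -> prints "COUNT<TAB>RULE" for every rule seen more than once,
# in the order the rules first appear in FILE.
dup_rules() {
    awk '
        /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
        {
            sub(/^[ \t]+/, ""); sub(/[ \t]+$/, "")
            if (!($0 in n)) order[++k] = $0     # remember first-seen order
            n[$0]++
        }
        END {
            for (i = 1; i <= k; i++)
                if (n[order[i]] > 1) printf "%d\t%s\n", n[order[i]], order[i]
        }' "$1"
}

# dup_count FILE -> number of surplus (repeated) rule lines in FILE.
dup_count() {
    dup_rules "$1" | awk -F'\t' '{ s += $1 - 1 } END { print s + 0 }'
}

# make_sample FILE -> writes a constructed rule file that mimics the state
# after one extra attach-device (paths other than /dev/net/tun are made up).
make_sample() {
    cat > "$1" <<'EOF'
  # constructed sample, not taken from a real guest
  "/var/log/libvirt/qemu/q2.log" w,
  "/dev/net/tun" rwk,
  "/dev/net/tun" rwk,
  "/dev/net/tun" rwk,
  "/var/lib/libvirt/images/q2.qcow2" rwk,
EOF
}

# When called with a file argument, report its duplicated rules.
[ "$#" -eq 0 ] || dup_rules "$1"
```

Running it against the .files of a guest before and after an attach/detach loop shows whether the rule list keeps growing.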