Wthout this change, the tapfd path would only be appended to a domain's profile when the device is hotplugged (either during domain start or normal operation). Operations which regenerate the profile (blockcommit, etc) will cause this path to be dropped from the profile. Since the domain status XML now includes the path to the tap device, include it in the profile. Resolves: https://gitlab.com/libvirt/libvirt/-/issues/692 Bug-Ubuntu: https://bugs.launchpad.net/bugs/2126574 Reviewed-by: Peter Krempa <pkrempa@redhat.com> Signed-off-by: Wesley Hershberger <wesley.hershberger@canonical.com> --- src/security/virt-aa-helper.c | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 14b202bf7b..2eae4d7f3f 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1192,6 +1192,11 @@ get_files(vahControl * ctl) vhu->type) != 0) return -1; } + + if (net->tapfdpath) { + if (vah_add_file(&buf, net->tapfdpath, "rwk") != 0) + return -1; + } } for (i = 0; i < ctl->def->nmems; i++) { -- 2.53.0