On Tue, 2017-12-19 at 16:03 +0100, Christian Ehrhardt wrote:
From: Jamie Strandboge <jamie@ubuntu.com>
Newer qemu wants to read /sys/devices/system/node/ /sys/devices/system/cpu/ /sys/devices/system/node/node[0-9]*/meminfo
Signed-off-by: Stefan Bader <stefan.bader@canonical.com> --- examples/apparmor/libvirt-qemu | 4 ++++ 1 file changed, 4 insertions(+)
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index 651d841..b9e45bd 100644 --- a/examples/apparmor/libvirt-qemu +++ b/examples/apparmor/libvirt-qemu @@ -34,6 +34,10 @@ owner @{PROC}/@{pid}/task/@{tid}/comm rw, @{PROC}/sys/kernel/cap_last_cap r,
+ /sys/devices/system/node/ r, + /sys/devices/system/node/node[0-9]*/meminfo r, + /sys/devices/system/cpu/ r, +
These read accesses are fine. +1 -- Jamie Strandboge | http://www.canonical.com