19 Sep
2017
19 Sep
'17
9:28 a.m.
Hi, Christian Ehrhardt:
Currently virt-aa-helper has no support for pools, so if you use a volume from a pool like: <disk type='volume' device='disk'> <driver name='qemu' type='raw' cache='none'/> <source pool='internal' volume='foo'/> <target dev='vdc' bus='virtio'/> </disk> Then there is no matching apparmor rule generated to allow qemu to access the related devices.
Honestly I had no idea: all the disks for VMs I manage are backed either by LVs or by qcow2 files. I'm not versed into libvirt's code base (nor C by the way) so I'm afraid I won't be useful at all in this discussion. Please keep Cc'ing me only if there are user-facing questions that I can be useful for :) Take care, cheers, -- intrigeri