Any way to persistently edit a single VM's AppArmor profile?
Brian Turek
brian.turek at gmail.com
Tue Oct 6 04:53:20 UTC 2020
In order to test a patch I submitted I've been experimenting with
"qemu:commandline" to use some newer features for a QEMU host/guest file
share. I quickly ran into issues with AppArmor as virt-aa-helper
understandably doesn't parse "qemu:commandline" for directories to add to
the dynamically generated AppArmor profile.
After reading a bunch of documentation, I cannot find a way to persistently
edit a single VM's AppArmor profile. virt-aa-helper will respect a
pre-existing "/etc/apparmor.d/libvirt/libvirt-<uuid>" file but then delete
it when the VM shuts down. virt-aa-helper does not respect pre-existing
"/etc/apparmor.d/libvirt/libvirt-<uuid>.files" and will just overwrite it.
The best I came up with was to edit
"/etc/apparmor.d/abstractions/libvirt-qemu" but that affects ALL QEMU-based
VMs whereas I really only need to tweak one profile.
I'm an AppArmor novice so I'm hoping there might be some other way to do
what I need. Anyone have any ideas?
Thank you
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20201006/b20ae2b7/attachment.htm>
More information about the libvirt-users
mailing list