Comment 24 for bug 1677398

Hi Nicolas,
yeah that isn't easy to fix and at least I didn't find the time to develop something completely new to cover this yet.

I challenge the statement "Even the default storage pool /var/lib/libvirt/images is not working", it does and it does well.
And for things that are under the control of Ubuntu in the Archive even a few alternative paths work (openstack, uvtool, ...).

The issue you report is -not- using the default paths, the Deny lists "/mnt/images/ubuntu-admin-qcow2" which clearly is not in one of the common paths.

In general for using uncommon paths [1] the solution is that an admin has to declare those paths as allowed in a local apparmor include. So if terraform would usually /a/b/c it should also either recommend the admin to do so or even consider adding it to the files itself.

[1]: https://wiki.ubuntu.com/LibvirtApparmor#Using_uncommon_paths