OpenStack Compute (nova)

  1. Series newton
  2. Bug #1665698
  3. Comment #23

Comment 23 for bug 1665698

Revision history for this message
Christian Ehrhardt  (paelzer) wrote : Re: [Bug 1665698] Re: /etc/qemu-ifup not allowed by apparmor

On Fri, Feb 24, 2017 at 4:50 PM, Logan V <email address hidden> wrote:

> is there an
> additional step necessary after modifying the abstractions/libvirt-qemu
> file with the additional rule? Ie. some command to reload the file? I
> restarted apparmor, libvirt-bin, and nova-compute services and it is
> still failing with the same message despite the line being added to the
> apparmor abstraction file.
>

See https://help.ubuntu.com/lts/serverguide/apparmor.html
But you stated you restarted apparmor already.

The workflow is that on guest creation it
uses /etc/apparmor.d/libvirt/TEMPLATE.qemu to build a guest specific file.
That is then loaded for the guests qemu and at that point the (now changed)
abstraction is pulled in.

--
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd