[Bug 588369] [NEW] can't disable AppArmor via qemu.conf

[Jamie Strandboge]

Public bug reported:

I should be able to adjust /etc/libvirt/qemu.conf to have:
security_driver = "none"

This no longer works as seen by:
$ virsh capabilities
  <host>
    ...
    <secmodel>
      <model>apparmor</model>
      <doi>0</doi>
    </secmodel>
  </host>

And VMs start confined:
$ sudo aa-status
apparmor module is loaded.
...
4 processes are in enforce mode :
   ...
   libvirt-7d781722-69b7-8801-fe96-caf37b7a8969 (1217)

WORKAROUND:
You can disable AppArmor for only libvirt with:

$ sudo touch /etc/apparmor.d/disable/usr.sbin.libvirtd
$ sudo reboot

** Affects: libvirt (Ubuntu)
     Importance: Undecided
     Assignee: Jamie Strandboge (jdstrand)
         Status: Confirmed

** Changed in: libvirt (Ubuntu)
       Status: New => Confirmed

** Changed in: libvirt (Ubuntu)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

-- 
can't disable AppArmor via qemu.conf
https://bugs.launchpad.net/bugs/588369
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.