[libvirt] [sandbox] Weird apparmor problems

Cedric Bosdonnat cbosdonnat at suse.com
Fri Oct 30 07:53:38 UTC 2015


On Fri, 2015-10-30 at 09:15 +0900, Daniel P. Berrange wrote:
> NB in containers we have two PTYs involved.  The libvirt_lxc process
> opens one pty in the host context and that is used to communicate
> between virsh console & libvirt_lxc.  The libvirt_lxc process opens
> one pty in the guest context and that is used to communicate between
> libvirt_lxc and the container master console. Libvirt_lxc forwards
> data between the two PTYs.
> 
> So, yes, it is normal for libvirt_lxc to access /dev/ptmx to create
> a new master PTY and to read/write to /dev/pts/NN associated with
> the file descriptor retrieved from /dev/ptmx.

After checking more carefully, all rules are already in the profile...
and are concerning the qemu builder. I haven't checked if it happens
with lxc yet.

The question now is why does it happen with virt-sandbox and not with a
normal libvirt qemu domain.

--
Cedric
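
The PTY accesses described in the quoted text, as an added example that is not part of the original message and is not libvirt code: it opens /dev/ptmx, derives the matching /dev/pts/NN path, and relays bytes between two descriptors, which are the accesses a confining profile has to permit. The function names are hypothetical, the ioctls are Linux-specific, and both PTYs are created in one process here rather than in separate host and guest contexts.

```c
#include <fcntl.h>
#include <stdio.h>
#include <sys/ioctl.h>
#include <unistd.h>

/* Open a new master through /dev/ptmx, unlock its slave and store the
 * slave path (/dev/pts/NN) in 'slave'. Returns the master fd or -1. */
int open_pty_master(char *slave, size_t len)
{
    int unlock = 0;
    unsigned int n = 0;
    int fd = open("/dev/ptmx", O_RDWR | O_NOCTTY);
    if (fd < 0)
        return -1;
    if (ioctl(fd, TIOCSPTLCK, &unlock) < 0 || ioctl(fd, TIOCGPTN, &n) < 0) {
        close(fd);
        return -1;
    }
    snprintf(slave, len, "/dev/pts/%u", n);
    return fd;
}

/* Copy one chunk from src to dst; returns bytes relayed, 0 on EOF, -1 on error. */
ssize_t relay(int src, int dst)
{
    char buf[4096];
    ssize_t n = read(src, buf, sizeof buf);
    for (ssize_t off = 0; off < n; ) {
        ssize_t w = write(dst, buf + off, (size_t)(n - off));
        if (w < 0)
            return -1;
        off += w;
    }
    return n;
}

int main(void)
{
    char host[32], guest[32];
    int hfd = open_pty_master(host, sizeof host);   /* virsh console side */
    int gfd = open_pty_master(guest, sizeof guest); /* container console side */
    if (hfd < 0 || gfd < 0)
        return 1;
    /* A real forwarder would now poll and relay(hfd, gfd) / relay(gfd, hfd). */
    printf("host pty %s, guest pty %s\n", host, guest);
    return 0;
}
```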



