New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
docs: configuring Apparmor #4039
Comments
I am OK to have this included in the documentation, however... where? This feels more like an advanced topic or FAQ, as none of these targets are tested by us. As mentioned here, start with a wiki entry? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
CRC 1.32.0 / OCP 4.17.8
Linux Debian 12 bookworm
On Debian i had to modify two different profiles to got it working and reload he profiles afterwards:
/etc/apparmor.d/libvirt/TEMPLATE.qemu
as you have written:and
/etc/apparmor.d/usr.lib.libvirt.virt-aa-helper
for file/home/user/.crc/machines/crc/crc.qcow2
- here it was a bit more tricky as default rules for "virt-aa-helper" deny access to all hidden files in the user home directory:Therefor just adding an allow rule for the
crc.qcow2
file does not work. These deny rules must be changed to allow reading from~/.crc/
directory...@cfergeau @gbraad
I think it would be really helpful to have a note in the installation instructions for all Debian/Ubuntu based distributions to check current AppArmor profiles and system log messages for DENIED entries in case "crc start" does not work. For me it needed a long time to find the problem and this issue to solve the generic Access Denied error message on startup.
Originally posted by @sseide in #1776 (comment)
The text was updated successfully, but these errors were encountered: