[apparmor] Disable apparmor without restart
Sina Kashipazha
s.kashipazha at protonmail.com
Tue Dec 28 10:00:30 UTC 2021
Hey there,
I have two hosts in my setup, one of them uses AppArmor (h1), and another one doesn't have it (h2). I want to use virsh to live migrate my VMs from h1 to h2, but I'm not able to do that because the h2 host doesn't have the AppArmor policy.
I was wondering, is it possible to edit the XML configuration file of the VM and disable AppArmor without restarting the VMs?
Some extra info:
root at h1(apparmor enabled):~# virsh list
Id Name State
----------------------------------------------------
7 some-VM running
root at h1(apparmor enabled):~# virsh dumpxml 7 | grep apparmor
<seclabel type='dynamic' model='apparmor' relabel='yes'
root at h1(apparmor enabled):~# virsh capabilities | grep -A1 secmodel
<secmodel>
<model>apparmor</model>
</secmodel>
<secmodel>
<model>dac</model>
</secmodel>
</host>
root at h2(apparmor disabled):~# virsh capabilities | grep -A1 secmodel
<secmodel>
<model>none</model>
</secmodel>
<secmodel>
<model>dac</model>
</secmodel>
</host>
Kind regards,
Sina
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20211228/a5bca55b/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 249 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/apparmor/attachments/20211228/a5bca55b/attachment.sig>
More information about the AppArmor
mailing list