I am using libvirt with qemu on a debian host. One virtual machine has a 9p mount point defined:
<filesystem type='mount' accessmode='mapped'>
<source dir='/mnt/pool/share'/>
<target dir='share'/>
<address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
</filesystem>
The default apparmor configuration (which is apparently created by virt-aa-helper) does not allow me to create hard links on the 9p volume.
I made it work by adding the following line to /etc/apparmor.d/abstractions/libvirt-qemu
"/mnt/pool/share/**" rwl,
This works but has the following problems:
- It allows all hosts to read/write to this directory, not only the one host I need
- It requires editing a conffile that is regularly updated which is probably not a good idea because it makes updates to the debian package harder
- It is not configured in the libvirt xml file which makes portability harder and is one extra step
Is there a better way?
