Given the following command line for QEMU (from this page):
qemu-system-x86_64 -machine accel=kvm -cpu host \
-m $mem -object memory-backend-file,id=mem,size=$mem,mem-path=/dev/hugepages,share=on \
-mem-prealloc -numa node,memdev=mem \
-chardev socket,id=char1,path=/tmp/sock0,server=on
With a default install of Ubuntu 22.04 I get this error:
[12264.014241] audit: type=1400 audit(1691452988.768:416): apparmor="DENIED"
operation="mknod" class="file" profile="libvirt-ea182d75-dd38-41dd-b227-5b871b0a77bb"
name="/tmp/sock0" pid=16693 comm="qemu-system-x86"
requested_mask="c" denied_mask="c" fsuid=64055 ouid=64055
All the examples I can find on the web are for network sockets or just normal directory permissions, so how do I create a rule to allow AppArmor to permit my operation?
