AppArmor profiles

To get the Virtlet DaemonSet working in an AppArmor-enabled environment, follow these steps:

  • install the profiles located in this directory into the corresponding directory (/etc/apparmor.d/ if you use Debian or its derivatives)

    sudo install -m 0644 libvirtd virtlet vms -t /etc/apparmor.d/
    
  • apply them by

      • restarting the apparmor service

          sudo systemctl restart apparmor

      • or by hand, using the following commands

          sudo apparmor_parser -r /etc/apparmor.d/libvirtd
          sudo apparmor_parser -r /etc/apparmor.d/virtlet
          sudo apparmor_parser -r /etc/apparmor.d/vms
    
  • set the corresponding profiles in the Virtlet DaemonSet:

    spec:
      template:
        metadata:
          annotations:
            container.apparmor.security.beta.kubernetes.io/libvirt: localhost/libvirtd
            container.apparmor.security.beta.kubernetes.io/vms: localhost/vms
            container.apparmor.security.beta.kubernetes.io/virtlet: localhost/virtlet
    
  • [re]create the Virtlet DaemonSet using the standard Kubernetes approach
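
A check to run on each node before [re]creating the DaemonSet, since a container annotated with a localhost/ profile will not start if that profile is not loaded on the node. This is an added example, not part of the Virtlet repository; it assumes the loaded profile names match the names used in the annotations above (libvirtd, virtlet, vms) and reads the kernel's list of loaded profiles from securityfs.

```shell
#!/bin/sh
# Profile names as referenced by the DaemonSet annotations (localhost/<name>).
# Assumption: the installed profile files declare profiles with these names.
REQUIRED="libvirtd virtlet vms"

# profile_report: reads a listing in the format of
# /sys/kernel/security/apparmor/profiles ("<name> (<mode>)" per line) on stdin
# and prints "<name> <mode>" for every required profile, with the mode
# "missing" when the profile is not loaded. Names are matched exactly, so a
# path-named profile such as "/usr/sbin/libvirtd" does not satisfy "libvirtd".
profile_report() {
    awk -v required="$REQUIRED" '
        {
            mode = $NF; gsub(/[()]/, "", mode)       # "(enforce)" -> "enforce"
            name = $0; sub(/ \([^)]*\)$/, "", name)  # strip trailing " (mode)"
            loaded[name] = mode
        }
        END {
            n = split(required, want, " ")
            for (i = 1; i <= n; i++)
                print want[i], ((want[i] in loaded) ? loaded[want[i]] : "missing")
        }'
}

# Run against the live kernel list when it is readable (normally requires root).
PROFILES_FILE=/sys/kernel/security/apparmor/profiles
if [ -r "$PROFILES_FILE" ]; then
    profile_report < "$PROFILES_FILE"
fi
```

Any line ending in "missing" means the corresponding apparmor_parser step has to be repeated on that node; a mode of "complain" means the profile is loaded but only logs violations instead of blocking them.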