AppArmor profiles

In order to get the Virtlet DaemonSet work in an AppArmor enabled environment follow the next steps:

• install the profiles located in this directory into the corresponding directory (/etc/apparmor.d/ if you use Debian or its derivatives)

  sudo install -m 0644 libvirtd virtlet vms -t /etc/apparmor.d/
  

• apply them by

• restarting the apparmor service

  sudo systemctl restart apparmor
  

• or by hand, using the following commands

  sudo apparmor_parser -r /etc/apparmor.d/libvirtd
  sudo apparmor_parser -r /etc/apparmor.d/virtlet
  sudo apparmor_parser -r /etc/apparmor.d/vms
  

• set the corresponding profiles in the Virtlet DaemonSet:

  spec:
    template:
      metadata:
        annotations:
          container.apparmor.security.beta.kubernetes.io/libvirt: localhost/libvirtd
          container.apparmor.security.beta.kubernetes.io/vms: localhost/vms
          container.apparmor.security.beta.kubernetes.io/virtlet: localhost/virtlet
  

• [re]create the Virtlet DamonSet using standard Kubernetes approach