Tom Parrott
Tom Parrott
closing this for now as the apparmor team are reconsidering how this should work.
@sabaini we will be adding support for this too in lxd's resource package, is this something you could use too to avoid duplicate implementations?
Cc @roosterfish
Please can you show the specifics of your setup so we can investigate. OVN does use egress DNS packet inspection and response rewriting as they traverse through the virtual router...
Closing due to lack of response.
We're planning a switch to using the ovs DB client package directly, rather than ovn-nbctl, so this may help increase the workable limits.
> I'm not certain why this is failing as it doesn't seem to have anything to do with this PR. It is potentially related to #14315 since `lxc profile assign`...
> > @tomponline @hamistao The CI passed on the third attempt. I'll investigate a bit more though as I don't want to introduce any races, especially when they may be...
> I've just spotted another failure in another PR (#14434) that might be related: https://github.com/canonical/lxd/actions/runs/11777602677/job/32802823358#step:12:38935 are your test fails always happening on ceph too?