rpm/libvirt
SHA256
1
0
Fork 0
forked from pool/libvirt
Code Pull Requests Activity
5dda10253d
libvirt/apparmor-allow-helpers.patch
Cédric Bosdonnat 9ae36308d4 Accepting request 282003 from home:mlatimer:branches:Virtualization 
- Apparmor profile regression breaks Xen domains. bsc#913799
  apparmor-xen-fixup.patch
  apparmor-allow-helpers.patch
  apparmor-tck-raw-packets.patch

OBS-URL: https://build.opensuse.org/request/show/282003
OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=434
2015-01-20 08:09:54 +00:00

35 lines
1.2 KiB
Diff
Raw Blame History

From b2bf7c00b79de032bd7eeb6ba9c970895223a53f Mon Sep 17 00:00:00 2001
Message-Id: <b2bf7c00b79de032bd7eeb6ba9c970895223a53f.1421716686.git.mlatimer@suse.com>
In-Reply-To: <cover.1421716686.git.mlatimer@suse.com>
References: <cover.1421716686.git.mlatimer@suse.com>
From: Mike Latimer <mlatimer@suse.com>
Date: Mon, 19 Jan 2015 17:12:33 -0700
Subject: [PATCH 2/3] Grant access to helpers
Apparmor must not prevent access to required helper programs. The following
helpers should be allowed to run in unconfined execution mode:
- libvirt_parthelper
- libvirt_iohelper
---
examples/apparmor/usr.sbin.libvirtd | 2 ++
1 file changed, 2 insertions(+)
diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
index 9917836..ab6572a 100644
--- a/examples/apparmor/usr.sbin.libvirtd
+++ b/examples/apparmor/usr.sbin.libvirtd
@@ -57,6 +57,8 @@
audit deny /sys/kernel/security/apparmor/.* rwxl,
/sys/kernel/security/apparmor/profiles r,
/usr/{lib,lib64}/libvirt/* PUxr,
+ /usr/{lib,lib64}/libvirt/libvirt_parthelper Ux,
+ /usr/{lib,lib64}/libvirt/libvirt_iohelper Ux,
/etc/libvirt/hooks/** rmix,
/etc/xen/scripts/** rmix,
--
1.8.4.5
View Git Blame Copy Permalink