On Mon, 2016-12-05 at 11:21 +0000, intrigeri wrote: > https://bugzilla.redhat.com/show_bug.cgi?id=1369281 > --- > examples/apparmor/libvirt-qemu | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu > index 11381d4df0..a07291d583 100644 > --- a/examples/apparmor/libvirt-qemu > +++ b/examples/apparmor/libvirt-qemu > @@ -21,6 +21,7 @@ > /dev/ptmx rw, > /dev/kqemu rw, > @{PROC}/*/status r, > + @{PROC}/@{pid}/task/@{tid}/comm rw, > @{PROC}/sys/kernel/cap_last_cap r, > This rule would allow any confined guest to change the 'comm' value of any task on the system, if the system otherwise allowed it. These days that would likely be mitigated somewhat by DAC protections (ie, when qemu is run as non-root). Other than DAC (and MAC), what other protections exist that might make this rule acceptable? -- Jamie Strandboge | http://www.canonical.com
Attachment:
signature.asc
Description: This is a digitally signed message part
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
