Re: [PATCH] AppArmor: allow QEMU to set_process_name.

On Mon, Dec 12, 2016 at 04:04:34PM +0100, Martin Kletzander wrote:
> On Mon, Dec 12, 2016 at 02:09:52PM +0000, Daniel P. Berrange wrote:
> > On Mon, Dec 12, 2016 at 02:53:02PM +0100, Christian Ehrhardt wrote:
> > > Acked-by: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxx>
> > > 
> > > That (just FYI) is also equivalent to
> > > https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1615550
> > > 
> > > On Mon, Dec 12, 2016 at 11:59 AM, intrigeri <intrigeri+libvirt@xxxxxxxx>
> > > wrote:
> > > 
> > > > https://bugzilla.redhat.com/show_bug.cgi?id=1369281
> > > > ---
> > > >  examples/apparmor/libvirt-qemu | 3 +++
> > > >  1 file changed, 3 insertions(+)
> > > >
> > > > diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-
> > > > qemu
> > > > index 11381d4df0..fdb5a23291 100644
> > > > --- a/examples/apparmor/libvirt-qemu
> > > > +++ b/examples/apparmor/libvirt-qemu
> > > > @@ -21,6 +21,9 @@
> > > >    /dev/ptmx rw,
> > > >    /dev/kqemu rw,
> > > >    @{PROC}/*/status r,
> > > > +  # Per man(5) proc, the kernel enforces that a thread may
> > > > +  # only modify its comm value or those in its thread group.
> > > > +  owner @{PROC}/@{pid}/task/@{tid}/comm rw,
> > > >    @{PROC}/sys/kernel/cap_last_cap r,
> > > >
> > > >    # For hostdev access. The actual devices will be added dynamically
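
Review bot: The comment above `owner @{PROC}/@{pid}/task/@{tid}/comm rw,` explains why the kernel bounds the write but not why QEMU needs it. A short mention that the rule exists so QEMU can set its process name (set_process_name, per the subject line) would help whoever audits this profile later. The rule also relies on the `@{pid}` and `@{tid}` variables, where the neighbouring `@{PROC}/*/status r,` uses a plain glob. It is worth confirming that both variables are defined by the tunables this profile includes, since that is not visible in this hunk.
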
> > 
> > Thanks, I'll push this patch.
> > 
> 
> Didn't we have a policy of using real names in commit messages?  I
> remember someone advocating that (Eric?), so I did that as well.  But to
> be honest, I can't find it anywhere in our docs, but it makes sense if
> there is a need for anything related to attributions or copyrights.

I just assumed "intrigeri" is a real name :-)  In this case the patches
are the same as those already carried by Ubuntu, and trivial enough to
not have copyright consequences imho.

Last time this came up was when someone submitted a large patch series
with an author of simply "TJ".  IIRC, we rejected the patch series as
they wouldn't provide a real name.

We've never formally documented this as a policy anywhere though.

If we want to formalize this, then I'd probably suggest we actually
explicitly adopt the kernel signed-off-by process. People are used
to adding S-o-B (many libvirt patches already have it) and git makes
it trivial.

The DCO doesn't say anything about pseudonyms directly though:

  http://developercertificate.org/

the kernel patch submission guidelines add it as a requirement

  https://www.kernel.org/doc/Documentation/SubmittingPatches

[quote]
then you just add a line saying::

	Signed-off-by: Random J Developer <random@xxxxxxxxxxxxxxxxxxxxx>

using your real name (sorry, no pseudonyms or anonymous contributions.)
[/quote]


Regards,
Daniel
-- 
|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://entangle-photo.org       -o-    http://search.cpan.org/~danberr/ :|

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list


