On 18.05.2017 21:40, Serge E. Hallyn wrote: > Quoting Guido Günther (agx@xxxxxxxxxxx): >> On Thu, May 18, 2017 at 11:21:54AM -0500, Serge E. Hallyn wrote: >>> Mind you I'm not crazy about this. If this could be toggled with a >>> default-off config option that would seem better than always giving >>> these caps to libvirt-qemu. >> >> virt-aa-helper could add these if it detects a 9pfs file system. That >> would be better than always adding it. > > Agreed Ok, so at least for now, actually all 9p related changes should not be considered. Does the rest look ok (in particular 1/8 with the additional explanation)? -Stefan > >> Cheers, >> -- Guido >> >>> >>> Quoting Stefan Bader (stefan.bader@xxxxxxxxxxxxx): >>>> From: Serge Hallyn <serge.hallyn@xxxxxxxxxx> >>>> >>>> Add fowner and fsetid to libvirt-qemu profile. >>>> >>>> Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434 >>>> >>>> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx> >>>> Signed-off-by: Stefan Bader <stefan.bader@xxxxxxxxxxxxx> >>>> --- >>>> examples/apparmor/libvirt-qemu | 4 ++++ >>>> 1 file changed, 4 insertions(+) >>>> >>>> diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu >>>> index 89466c9..f04ce04 100644 >>>> --- a/examples/apparmor/libvirt-qemu >>>> +++ b/examples/apparmor/libvirt-qemu >>>> @@ -13,6 +13,10 @@ >>>> capability setgid, >>>> capability setuid, >>>> >>>> + # for 9p >>>> + capability fsetid, >>>> + capability fowner, >>>> + >>>> network inet stream, >>>> network inet6 stream, >>>> >>>> -- >>>> 2.7.4 >>> > > -- > libvir-list mailing list > libvir-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/libvir-list >
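Review bot: The two lines added after `capability setuid,` grant `capability fsetid,` and `capability fowner,` to every guest confined by `examples/apparmor/libvirt-qemu`, although the only justification given, the `# for 9p` comment, applies to guests that actually use a 9p filesystem. Neither the comment nor the commit message (which only links the bug) says which 9p operation needs each capability, so it is not possible to judge whether both are required. Suggest dropping the hunk from the static profile and having virt-aa-helper add the rules only when it detects a 9pfs filesystem, as proposed in the thread. If the rules stay here, gate them behind a default-off option and expand the comment to state what fails without each capability.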