On Fri, 2017-11-03 at 09:46 +0100, Christian Ehrhardt wrote:
> In case ipv6 is used the network inet6 permission is required for
> virt-aa-helper.
>
> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx>
> ---
> examples/apparmor/usr.lib.libvirt.virt-aa-helper | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> index 012080c..bd6181d 100644
> --- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> +++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> @@ -10,6 +10,7 @@ profile virt-aa-helper
> /usr/{lib,lib64}/libvirt/virt-aa-helper {
>
> # needed for when disk is on a network filesystem
> network inet,
> + network inet6,
>
> deny @{PROC}/[0-9]*/mounts r,
> @{PROC}/[0-9]*/net/psched r,
LGTM. Thanks!
--
Jamie Strandboge | http://www.canonical.comAttachment:
signature.asc
Description: This is a digitally signed message part
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
