On Fri, 2017-11-03 at 09:46 +0100, Christian Ehrhardt wrote: > In case ipv6 is used the network inet6 permission is required for > virt-aa-helper. > > Signed-off-by: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx> > --- > examples/apparmor/usr.lib.libvirt.virt-aa-helper | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper > b/examples/apparmor/usr.lib.libvirt.virt-aa-helper > index 012080c..bd6181d 100644 > --- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper > +++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper > @@ -10,6 +10,7 @@ profile virt-aa-helper > /usr/{lib,lib64}/libvirt/virt-aa-helper { > > # needed for when disk is on a network filesystem > network inet, > + network inet6, > > deny @{PROC}/[0-9]*/mounts r, > @{PROC}/[0-9]*/net/psched r, LGTM. Thanks! -- Jamie Strandboge | http://www.canonical.com
Attachment:
signature.asc
Description: This is a digitally signed message part
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list