Based on a discussion in [1] I found that the AppArmor security module lacked some callbacks. Implementing those not only fixes the issue I had before but will also cover a few more cases I didn't even run into so far. [1]: https://www.redhat.com/archives/libvir-list/2017-December/msg00726.html Christian Ehrhardt (4): security, apparmor: implement domainSetPathLabel security: full path option for DomainSetPathLabel security, apparmor: add (Set|Restore)ChardevLabel apparmor, virt-aa-helper: drop static channel rule src/qemu/qemu_domain.c | 2 +- src/qemu/qemu_process.c | 4 +- src/security/security_apparmor.c | 96 ++++++++++++++++++++++++++++++++++++++++ src/security/security_dac.c | 3 +- src/security/security_driver.h | 3 +- src/security/security_manager.c | 5 ++- src/security/security_manager.h | 3 +- src/security/security_selinux.c | 3 +- src/security/security_stack.c | 5 ++- src/security/virt-aa-helper.c | 2 - 10 files changed, 113 insertions(+), 13 deletions(-) -- 2.7.4 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
