On Wed, Mar 07, 2018 at 11:16:52AM +0100, Christian Ehrhardt wrote: > If a system has sasl GSSAPI plugin available qemu with sasl support will > try to read /etc/gss/mech.d/. > > It is required to allow that to let the modules fully work and it should > be safe to do so as it only registers/configures plugins but has no secrets. > > Signed-off-by: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx> > --- > examples/apparmor/libvirt-qemu | 4 ++++ > 1 file changed, 4 insertions(+) Reviewed-by: Daniel P. Berrangé <berrange@xxxxxxxxxx> > diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu > index 950b042..2c47652 100644 > --- a/examples/apparmor/libvirt-qemu > +++ b/examples/apparmor/libvirt-qemu > @@ -192,3 +192,7 @@ > # silence refusals to open lttng files (see LP: #1432644) > deny /dev/shm/lttng-ust-wait-* r, > deny /run/shm/lttng-ust-wait-* r, > + > + # required for sasl GSSAPI plugin > + /etc/gss/mech.d/ r, > + /etc/gss/mech.d/* r, > -- > 2.7.4 > > -- > libvir-list mailing list > libvir-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/libvir-list Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
