On Wed, 2018-03-07 at 11:16 +0100, Christian Ehrhardt wrote: > If a system has sasl GSSAPI plugin available qemu with sasl support > will > try to read /etc/gss/mech.d/. > > It is required to allow that to let the modules fully work and it > should > be safe to do so as it only registers/configures plugins but has no > secrets. > > Signed-off-by: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx> > --- > examples/apparmor/libvirt-qemu | 4 ++++ > 1 file changed, 4 insertions(+) > > diff --git a/examples/apparmor/libvirt-qemu > b/examples/apparmor/libvirt-qemu > index 950b042..2c47652 100644 > --- a/examples/apparmor/libvirt-qemu > +++ b/examples/apparmor/libvirt-qemu > @@ -192,3 +192,7 @@ > # silence refusals to open lttng files (see LP: #1432644) > deny /dev/shm/lttng-ust-wait-* r, > deny /run/shm/lttng-ust-wait-* r, > + > + # required for sasl GSSAPI plugin > + /etc/gss/mech.d/ r, > + /etc/gss/mech.d/* r, LGTM. +1 Thanks! -- Jamie Strandboge | http://www.canonical.com
Attachment:
signature.asc
Description: This is a digitally signed message part
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
