Re: [libvirt] Resubmission: [PATCH 5/6] sVirt AppArmor security driver

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Sep 08, 2009 at 04:22:56PM -0500, Jamie Strandboge wrote:
> diff -Nurp ./libvirt.orig/examples/apparmor/usr.sbin.libvirtd ./libvirt/examples/apparmor/usr.sbin.libvirtd
> --- ./libvirt.orig/examples/apparmor/usr.sbin.libvirtd	1969-12-31 18:00:00.000000000 -0600
> +++ ./libvirt/examples/apparmor/usr.sbin.libvirtd	2009-09-08 15:32:22.000000000 -0500
> @@ -0,0 +1,39 @@
> +# Last Modified: Mon Jul  6 17:23:58 2009
> +#include <tunables/global>
> +@{LIBVIRT}="libvirt"
> +
> +/usr/sbin/libvirtd {
> +  #include <abstractions/base>
> +
> +  capability kill,
> +  capability net_admin,
> +  capability net_raw,
> +  capability setgid,
> +  capability sys_admin,
> +  capability sys_module,
> +  capability sys_ptrace,

I'm fairly sure libvirtd will need more  than this set of capabilities.
We tried to limit this in the C code a few months back, but gave up
because we ended up requiring about 2/3s of all capabilities and once
you allow net_admin & sys_admin its game over for security benefits.
You'll certainly have broken functionality without sys_nice, sys_chroot,
setuid, setpcap, mknod, dac_override, dac_read_search, fowner, chown

Regards,
Daniel
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list

[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]