On Tue, Sep 08, 2009 at 04:22:56PM -0500, Jamie Strandboge wrote:
> diff -Nurp ./libvirt.orig/examples/apparmor/usr.sbin.libvirtd ./libvirt/examples/apparmor/usr.sbin.libvirtd
> --- ./libvirt.orig/examples/apparmor/usr.sbin.libvirtd 1969-12-31 18:00:00.000000000 -0600
> +++ ./libvirt/examples/apparmor/usr.sbin.libvirtd 2009-09-08 15:32:22.000000000 -0500
> @@ -0,0 +1,39 @@
> +# Last Modified: Mon Jul 6 17:23:58 2009
> +#include <tunables/global>
> +@{LIBVIRT}="libvirt"
> +
> +/usr/sbin/libvirtd {
> + #include <abstractions/base>
> +
> + capability kill,
> + capability net_admin,
> + capability net_raw,
> + capability setgid,
> + capability sys_admin,
> + capability sys_module,
> + capability sys_ptrace,

I'm fairly sure libvirtd will need more than this set of capabilities. We tried to limit this in the C code a few months back, but gave up because we ended up requiring about 2/3s of all capabilities, and once you allow net_admin & sys_admin it's game over for security benefits.

You'll certainly have broken functionality without sys_nice, sys_chroot, setuid, setpcap, mknod, dac_override, dac_read_search, fowner, chown.

Regards,
Daniel

--
|: Red Hat, Engineering, London -o- http://people.redhat.com/berrange/ :|
|: http://libvirt.org -o- http://virt-manager.org -o- http://ovirt.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505 -o- F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
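Review bot: the hunk header says 39 lines are added but only the first 14 are quoted, so the file rules and whatever consumes `@{LIBVIRT}="libvirt"` (defined here, unused in the visible lines) cannot be reviewed; please post the full profile and state which libvirtd operations were exercised with it in enforce mode so the capability list can be checked against real behaviour rather than guessed. Within the visible lines, `capability sys_admin,` and `capability sys_module,` each deserve a comment naming the operation that requires them, since those two grants on their own give up most of the confinement the profile is meant to provide and a reviewer should be able to see why they are unavoidable. Minor: the `# Last Modified:` line is tool-generated metadata that will churn on every edit and is better left out of the shipped example.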