On Mon, Apr 05, 2010 at 04:19:03PM -0500, Jamie Strandboge wrote: > On Mon, 2010-04-05 at 16:15 -0500, Jamie Strandboge wrote: > > 1_apparmor-dont-clear-caps.patch: originally submitted on 2010/02/08 > > with no feedback. The calls to virExec() in security_apparmor.c when > > invoking virt-aa-helper use VIR_EXEC_CLEAR_CAPS. When compiled without > > libcap-ng, this is not a problem (it's effectively a no-op) but with > > libcap-ng this causes MAC_ADMIN to be cleared. MAC_ADMIN is needed by > > virt-aa-helper to manipulate apparmor profiles and without it VMs will > > not start[1]. This patch calls virExec with the default VIR_EXEC_NONE > > instead. Okay, we should have reviewed this at the time, sorry. Fairly contained, so applied and commited, I will push it soon, thanks ! Daniel -- Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/ daniel@xxxxxxxxxxxx | Rpmfind RPM search engine http://rpmfind.net/ http://veillard.com/ | virtualization library http://libvirt.org/ -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list