Re: [libvirt PATCH] apparmor: Allow running /usr/libexec/qemu-kvm

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 11/3/22 09:02, Andrea Bolognani wrote:
On Thu, Nov 03, 2022 at 08:24:37AM -0600, Jim Fehlig wrote:
On 11/3/22 05:13, Andrea Bolognani wrote:
+  # Needed when running the RHEL/CentOS version of libvirt and QEMU
+  # inside a privileged container on a Debian/Ubuntu host
+  /usr/libexec/qemu-kvm PUx,

Do you also need the path in src/security/apparmor/libvirt-qemu?

Good question :)

IIUC usr.sbin.{libvirtd,virtqemud}.in is the profile that is used for
the daemon and libvirt-qemu the one that's used for the QEMU process
itself, right?

Correct.

If that's the case, I don't really understand why we would need to
list the various QEMU binaries in there? Once the QEMU process has
been started, it shouldn't really need to access any other QEMU
binary, should it?

Good question :-P. I don't know why all the various qemu binaries are listed in that file. Maybe someone more familiar with the history of libvirt apparmor support can clarify. I simply noticed they were there and wondered if the /usr/libexec/qemu-kvm path should be added too.

Regards,
Jim




[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux