On 11/3/22 09:02, Andrea Bolognani wrote:
On Thu, Nov 03, 2022 at 08:24:37AM -0600, Jim Fehlig wrote:
On 11/3/22 05:13, Andrea Bolognani wrote:
+ # Needed when running the RHEL/CentOS version of libvirt and QEMU
+ # inside a privileged container on a Debian/Ubuntu host
+ /usr/libexec/qemu-kvm PUx,
Do you also need the path in src/security/apparmor/libvirt-qemu?
Good question :)
IIUC usr.sbin.{libvirtd,virtqemud}.in is the profile that is used for
the daemon and libvirt-qemu the one that's used for the QEMU process
itself, right?
Correct.
If that's the case, I don't really understand why we would need to
list the various QEMU binaries in there? Once the QEMU process has
been started, it shouldn't really need to access any other QEMU
binary, should it?
Good question :-P. I don't know why all the various qemu binaries are listed in
that file. Maybe someone more familiar with the history of libvirt apparmor
support can clarify. I simply noticed they were there and wondered if the
/usr/libexec/qemu-kvm path should be added too.
Regards,
Jim