On Mon, 2012-03-12 at 09:13 -0400, Corey Bryant wrote:
> This patch provides AppArmor policy updates for the QEMU bridge helper.
> The QEMU bridge helper is a SUID executable exec'd by QEMU that drops
> capabilities to CAP_NET_ADMIN and adds a tap device to a network
> bridge. For more details on the helper, please refer to:
>
> http://lists.gnu.org/archive/html/qemu-devel/2012-01/msg03562.html
>
> Signed-off-by: Corey Bryant <coreyb@xxxxxxxxxxxxxxxxxx>

I've not used the helper personally, but the policy makes sense overall though. I do have a few questions:

> + capability setuid,
> + capability setgid,

I'm assuming these are needed because qemu-bridge-helper drops privileges?

> + capability setpcap,

Can you explain why this capability is needed by qemu-bridge-helper?

> + network inet stream,

I understood why net_admin was needed, but this one is less clear. Why does qemu-bridge-helper need this?

> + /etc/qemu/** r,

I'm not familiar with this directory. What does qemu-bridge-helper need from this directory?

> + @{PROC}/*/status r,

Is it possible to use this instead:

  owner @{PROC}/*/status r,

Thanks!

--
Jamie Strandboge | http://www.canonical.com
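
Review bot: the file rules `/etc/qemu/** r,` and `@{PROC}/*/status r,` are written as wide globs: the first grants recursive read on everything under /etc/qemu, the second matches the status file of every process. If the helper reads only particular files, list those paths explicitly, and put the `owner` qualifier on the proc rule so it is limited to processes owned by the same user. The quoted capability and network rules (`capability setuid,`, `capability setgid,`, `capability setpcap,`, `network inet stream,`) carry no comment saying which helper operation requires each one; a one-line `#` comment above each rule would record the justification in the profile itself.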
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list