[PATCH] Add capability to example AppArmor profile

I encountered an AppArmor denial in Ubuntu 14.04.  I had filed a bug here https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1324251

I just wanted to see this applied upstream from Ubuntu.  This update to the profile is necessary to write to 9pfs mounts.  Let me know what you think about the following patch:

diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index 83814ec..c80294c 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -9,6 +9,10 @@
   capability dac_read_search,
   capability chown,
 
+  # to create and modify with 9p shares
+  capability fowner,
+  capability fsetid,
+
   # needed to drop privileges
   capability setgid,
   capability setuid,
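Review bot: the comment on the added lines, "# to create and modify with 9p shares", is missing its object and does not say why each capability is needed. Something like "# needed to create and modify files on 9p shares" would read more clearly, ideally with a pointer to the Launchpad bug in the commit message. Separately, the two new lines sit in the unconditional capability list next to chown and dac_read_search, so every guest confined by this profile gains fowner (bypasses the checks that require the caller to own the file) and fsetid (keeps setuid/setgid bits when a file is modified), whether or not the guest has a 9p share configured. It would help to state in the commit message that this breadth is intended, or to consider whether the capabilities can be granted only to guests that use 9p.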


I’m running on libvirt: 1.2.2
My host machine is: x86_64
The hypervisor is: KVM
-- 
Steven

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
