External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-07 17:28:15 +00:00
Code

AppArmor: allow virt-aa-helper read access to Nova's qcow backing files.

Browse Source 
As reported on https://bugs.debian.org/892431, without this rule, when launching
a QEMU KVM instance, an error occurs immediately upon launching the QEMU
process such as:

  Could not open backing file: Could not open
  '/var/lib/nova/instances/_base/affe96668a4c64ef380ff1c71b4caec17039080e':
  Permission denied

The other instance disk images are already covered by the existing rule:

  /**/disk{,.*} r

Signed-off-by: intrigeri <intrigeri@boum.org>
This commit is contained in:
intrigeri 2018-06-09 19:26:26 +00:00 committed by Michal Privoznik
parent e6be524508
commit 1fff379ff6
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
examples/apparmor/usr.lib.libvirt.virt-aa-helper
View File

@ -50,6 +50,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
@{HOME}/** r, @{HOME}/** r,
/var/lib/libvirt/images/ r, /var/lib/libvirt/images/ r,
/var/lib/libvirt/images/** r, /var/lib/libvirt/images/** r,
/var/lib/nova/instances/_base/* r
/{media,mnt,opt,srv}/** r, /{media,mnt,opt,srv}/** r,
# For virt-sandbox # For virt-sandbox
/{,var/}run/libvirt/**/[sv]d[a-z] r, /{,var/}run/libvirt/**/[sv]d[a-z] r,