External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-22 05:35:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

apparmor: allow qemu to read max_segments

Browse Source 
Since qemu 2.9 via 9103f1ce "file-posix: Consider max_segments for
BlockLimits.max_transfer" this is a new access that is denied by the
qemu profile.

It is non fatal, but prevents the fix mentioned to actually work.
It should be safe to allow reading from that path.

Since qemu opens a symlink path we need to translate that for apparmor from
"/sys/dev/block/*/queue/max_segments" to
"/sys/devices/**/block/*/queue/max_segments"

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
This commit is contained in:
Christian Ehrhardt 2017-11-03 09:46:58 +01:00 committed by Michal Privoznik
parent 96be3e72e8
commit 37a4e6d430
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
examples/apparmor/libvirt-qemu
View File

@ -169,6 +169,9 @@
# for rbd
/etc/ceph/ceph.conf r,
# for file-posix getting limits since 9103f1ce
/sys/devices/**/block/*/queue/max_segments r,
# for ppc device-tree access
@{PROC}/device-tree/ r,
@{PROC}/device-tree/** r,