External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-10 23:07:44 +00:00
Code Issues Packages Projects Releases Wiki Activity

apparmor: Add ptrace and signal rules for named profile

Browse Source 
Commit a3ab6d42 changed the libvirtd profile to a named profile
but neglected to accommodate the change in the qemu profile
ptrace and signal rules. As a result, libvirtd is unable to
signal confined qemu processes and hence unable to shutdown
or destroy VMs.

Add ptrace and signal rules that reference the libvirtd profile
by name in addition to full binary path.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Acked-by: Jamie Strandboge <jamie@canonical.com>
This commit is contained in:
Jim Fehlig 2019-03-01 15:05:36 -07:00
parent 3fd1a15968
commit 4ec3cf9a0f
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/security/apparmor/libvirt-qemu
View File

@ -16,8 +16,10 @@
network inet stream,
network inet6 stream,
ptrace (readby, tracedby) peer=libvirtd,
ptrace (readby, tracedby) peer=/usr/sbin/libvirtd,
signal (receive) peer=libvirtd,
signal (receive) peer=/usr/sbin/libvirtd,
/dev/net/tun rw,