apparmor: Permit new capabilities required by libvirtd
The audit log contains the following denials from libvirtd

apparmor="DENIED" operation="capable" profile="libvirtd" pid=6012 comm="daemon-init" capability=17 capname="sys_rawio"
apparmor="DENIED" operation="capable" profile="libvirtd" pid=6012 comm="rpc-worker" capability=39 capname="bpf"
apparmor="DENIED" operation="capable" profile="libvirtd" pid=6012 comm="rpc-worker" capability=38 capname="perfmon"

Squelch the denials and allow the capabilities in the libvirtd apparmor profile.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Neal Gompa <ngompa13@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
parent
55aaa1b037
commit
4f2811eb81
@ -25,6 +25,9 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
|
|||||||
capability fsetid,
|
capability fsetid,
|
||||||
capability audit_write,
|
capability audit_write,
|
||||||
capability ipc_lock,
|
capability ipc_lock,
|
||||||
|
capability sys_rawio,
|
||||||
|
capability bpf,
|
||||||
|
capability perfmon,
|
||||||
|
|
||||||
# Needed for vfio
|
# Needed for vfio
|
||||||
capability sys_resource,
|
capability sys_resource,
|
||||||
|
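Review bot: The three added rules `capability sys_rawio,`, `capability bpf,` and `capability perfmon,` carry no comment saying which libvirtd code path needs them, unlike the `# Needed for vfio` line just below them for sys_resource. The commit message only records that the denials came from daemon-init and rpc-worker, so a later least-privilege audit of the profile has nothing to check these grants against; a line such as `# sys_rawio: <operation in daemon-init that requires it>` above each rule would fix that. If any of the three turns out to be probed but not actually required, `deny capability perfmon,` (or the equivalent for that capability) would quiet the audit log without widening the profile. bpf and perfmon are comparatively recent capability names, so it is also worth confirming that the oldest apparmor_parser the project supports accepts them rather than failing to load the profile.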