External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-02-21 19:02:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

apparmor: Allow access to /sys/devices/system/node/*/cpumap for libnuma

Browse Source 
A QEMU change (10218ae6d006f76410804cc4dc690085b3d008b5) introduced
some libnuma calls that require read access to
/sys/devices/system/node/*/cpumap, which currently is forbidden by the
standard apparmor profile.

This commit allows read-only access to the file specified above.

Closes: https://gitlab.com/libvirt/libvirt/-/issues/515

Signed-off-by: Sergio Durigan Junior <sergio.durigan@canonical.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
This commit is contained in:
Sergio Durigan Junior 2024-01-11 16:17:41 -05:00 committed by Jim Fehlig
parent 9e555699a2
commit 6fa82fd8e2
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/security/apparmor/libvirt-qemu.in
View File

@ -252,6 +252,9 @@
/sys/devices/system/node/node[0-9]*/meminfo r,
/sys/module/vhost/parameters/max_mem_regions r,
# Access to libnuma
/sys/devices/system/node/*/cpumap r,
# silence refusals to open lttng files (see LP: #1432644)
deny /dev/shm/lttng-ust-wait-* r,
deny /run/shm/lttng-ust-wait-* r,