mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 13:45:38 +00:00
apparmor: allow libvirt to send term signal to unconfined
Otherwise stopping domains with qemu://session fails like [164012.338157] audit: type=1400 audit(1516202208.784:99): apparmor="DENIED" operation="signal" profile="/usr/sbin/libvirtd" pid=18835 comm="libvirtd" requested_mask="send" denied_mask="send" signal=term peer="unconfined"
This commit is contained in:
parent
792c6d8a68
commit
7edcbd02aa
@ -63,7 +63,7 @@
|
||||
|
||||
signal (send) peer=/usr/sbin/dnsmasq,
|
||||
signal (read, send) peer=libvirt-*,
|
||||
signal (send) set=("kill") peer=unconfined,
|
||||
signal (send) set=("kill", "term") peer=unconfined,
|
||||
|
||||
# Very lenient profile for libvirtd since we want to first focus on confining
|
||||
# the guests. Guests will have a very restricted profile.
|
||||
|
Loading…
Reference in New Issue
Block a user