security: apparmor: Allow QEMU read /proc/sys/vm/max_map_count

In its commit v9.0.0-rc0~1^2 QEMU started to read the
/proc/sys/vm/max_map_count file to set up coroutine limits better
(something about VMAs, mmap(), see the commit for more info).
Allow the file in the apparmor profile.

Resolves: https://gitlab.com/libvirt/libvirt/-/issues/660
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Peter Krempa <pkrempa@redhat.com>
This commit is contained in:
Michal Privoznik 2024-08-20 12:00:16 +02:00
parent a70cdeeb2a
commit 85e07fb1ce

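The commit message describes the usual workflow behind a rule like this one: QEMU opens a new file, AppArmor logs a DENIED event, and the profile gains a matching rule. The script below is an added example, not libvirt's own code, that turns such audit lines into candidate rules in the profile's own notation. The audit lines in SAMPLE_DENIALS are constructed for the example and modelled on the kernel's AppArmor audit format; the `owner` heuristic (fsuid equal to ouid) and the rewriting of `/proc/<pid>/task/<tid>/` into `@{PROC}/@{pid}/task/@{tid}/` are assumptions that follow the convention seen in the profile, not a reimplementation of aa-logprof.

```shell
#!/bin/sh
# Added example: derive candidate AppArmor rules from DENIED audit lines.
# Constructed sample input (not a real capture); a second copy of the
# max_map_count denial is included to show deduplication.
SAMPLE_DENIALS='audit: type=1400 audit(1724148016.123:45): apparmor="DENIED" operation="open" profile="libvirt-0f3e" name="/proc/sys/vm/max_map_count" pid=12345 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=107 ouid=0
audit: type=1400 audit(1724148016.124:46): apparmor="ALLOWED" operation="open" profile="libvirt-0f3e" name="/proc/sys/kernel/cap_last_cap" pid=12345 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=107 ouid=0
audit: type=1400 audit(1724148016.125:47): apparmor="DENIED" operation="open" profile="libvirt-0f3e" name="/proc/12345/task/12346/comm" pid=12345 comm="qemu-system-x86" requested_mask="wr" denied_mask="wr" fsuid=107 ouid=107
audit: type=1400 audit(1724148016.126:48): apparmor="DENIED" operation="open" profile="libvirt-0f3e" name="/proc/sys/vm/max_map_count" pid=12346 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=107 ouid=0'

# denials_to_rules: stdin = audit lines, stdout = one deduplicated rule per
# DENIED file access, written the way the libvirt-qemu profile writes them.
denials_to_rules() {
  awk '
    /apparmor="DENIED"/ && /name="/ {
      name = ""; mask = ""; fsuid = ""; ouid = ""
      for (i = 1; i <= NF; i++) {
        split($i, kv, "=")
        v = kv[2]; gsub(/"/, "", v)
        if (kv[1] == "name") name = v
        else if (kv[1] == "denied_mask") mask = v   # only the bits actually denied
        else if (kv[1] == "fsuid") fsuid = v
        else if (kv[1] == "ouid") ouid = v
      }
      if (name == "" || mask == "") next

      # Assumption: abstract per-process /proc paths with the profile variables.
      sub(/^\/proc\/[0-9]+\//, "/proc/@{pid}/", name)
      sub(/\/task\/[0-9]+\//, "/task/@{tid}/", name)
      sub(/^\/proc\//, "@{PROC}/", name)

      # Normalise the mask to the order AppArmor rules conventionally use.
      order = "rwacdklmx"; om = ""
      for (j = 1; j <= length(order); j++) {
        c = substr(order, j, 1)
        if (index(mask, c)) om = om c
      }

      # Assumption: the file belonged to the process itself, so an owner rule
      # is sufficient and tighter than an unqualified one.
      prefix = (fsuid != "" && fsuid == ouid) ? "owner " : ""
      rule = prefix name " " om ","
      if (!seen[rule]++) print rule
    }'
}

printf '%s\n' "$SAMPLE_DENIALS" | denials_to_rules
```

On a real host the input would come from `dmesg` or the audit log; the ALLOWED line in the sample stands for complain-mode events, which the filter ignores so that only genuine denials become rules. Review each emitted rule before adding it: the script cannot tell whether an access should be granted, only which rule would grant it.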

@ -34,6 +34,7 @@
# only modify its comm value or those in its thread group.
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
@{PROC}/sys/kernel/cap_last_cap r,
@{PROC}/sys/vm/max_map_count r,
@{PROC}/sys/vm/overcommit_memory r,
# detect hardware capabilities via qemu_getauxval
owner @{PROC}/*/auxv r,
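Review bot: the new `@{PROC}/sys/vm/max_map_count r,` line is tied to a specific QEMU change (the commit message cites v9.0.0-rc0~1^2), but like its cap_last_cap and overcommit_memory neighbours it carries no comment, while the comm and auxv rules in the same block do; suggest a one-line comment above it, e.g. `# coroutine limits, read by QEMU >= 9.0`, so the next person trimming the profile knows why it is there. Read-only access without the `owner` qualifier is the right shape for a global sysctl and matches the two adjacent sysctl rules. Worth confirming on a host with the patched profile that a guest start no longer logs an apparmor="DENIED" for that path.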