apparmor: allow unmounting .dev entries
With qemu 5.0 and libvirt 6.6 there are new apparmor denials: apparmor="DENIED" operation="umount" profile="libvirtd" name="/run/libvirt/qemu/1-kvmguest-groovy-norm.dev/" comm="rpc-worker" These are related to new issues around devmapper handling [1] and the error path triggered by these issues now causes this new denial. There are already related rules for mounting and it seems right to allow also the related umount. [1]: https://www.redhat.com/archives/libvir-list/2020-August/msg00236.html Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
parent
d9c21f4bfc
commit
d61d8206f3
@ -31,6 +31,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
|
|||||||
|
|
||||||
mount options=(rw,rslave) -> /,
|
mount options=(rw,rslave) -> /,
|
||||||
mount options=(rw, nosuid) -> /{var/,}run/libvirt/qemu/*.dev/,
|
mount options=(rw, nosuid) -> /{var/,}run/libvirt/qemu/*.dev/,
|
||||||
|
umount /{var/,}run/libvirt/qemu/*.dev/,
|
||||||
|
|
||||||
# libvirt provides any mounts under /dev to qemu namespaces
|
# libvirt provides any mounts under /dev to qemu namespaces
|
||||||
mount options=(rw, move) /dev/ -> /{,var/}run/libvirt/qemu/*.dev/,
|
mount options=(rw, move) /dev/ -> /{,var/}run/libvirt/qemu/*.dev/,
|
||||||
|
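Review bot: The added `umount /{var/,}run/libvirt/qemu/*.dev/,` rule has no comment, so a later audit of the libvirtd profile cannot tell why the daemon needs umount there; per the commit message it is reached on the error path of the devmapper handling. I would put a line above it such as `# error-path cleanup: libvirtd unmounts the per-domain .dev directory it mounted`, so the rule is neither dropped nor widened by mistake. The scope itself looks appropriately narrow, since `*` in an AppArmor path glob does not match `/` and the rule stays on a single `*.dev/` directory, mirroring the existing mount rules. As a style point, this rule and the nosuid mount rule write the alternation as `/{var/,}run/` while the move rule writes `/{,var/}run/`; they are equivalent, but one spelling would be easier to grep. The profile body continues outside this hunk, so other mount or umount rules were not reviewed.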