libvirt/examples/apparmor
Jim Fehlig 0af5ced4b8 apparmor: allow qemu abstraction to read /proc/pid/cmdline
Noticed the following denial in audit.log when shutting down
an apparmor confined domain

type=AVC msg=audit(1512002299.742:131): apparmor="DENIED"
operation="open" profile="libvirt-66154842-e926-4f92-92f0-1c1bf61dd1ff"
name="/proc/1475/cmdline" pid=2958 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=469 ouid=0

Squelch the denial by allowing read access to /proc/<pid>/cmdline.
2017-12-04 07:00:14 -07:00
libvirt-lxc Rework lxc apparmor profile 2014-07-15 12:57:05 -06:00
libvirt-qemu apparmor: allow qemu abstraction to read /proc/pid/cmdline 2017-12-04 07:00:14 -07:00
TEMPLATE.lxc apparmor: add attach_disconnected 2017-09-18 19:06:52 +02:00
TEMPLATE.qemu apparmor: add attach_disconnected 2017-09-18 19:06:52 +02:00
usr.lib.libvirt.virt-aa-helper apparmor, virt-aa-helper: allow ipv6 2017-11-07 16:57:32 +01:00
usr.sbin.libvirtd AppArmor: add mount rules needed with additional mediation features brought by Linux 4.14 2017-11-19 19:16:27 +01:00