mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-10-31 10:23:09 +00:00
0d05d51b71
LXC processes confined by apparmor are not permitted to receive signals from libvirtd. Attempting to destroy such a process fails virsh --connect lxc:/// destroy distro_apparmor error: Failed to destroy domain distro_apparmor error: Failed to kill process 29491: Permission denied And from /var/log/audit/audit.log type=AVC msg=audit(1606949706.142:6345): apparmor="DENIED" operation="signal" profile="libvirt-314b7109-fdce-48dc-ad28-7c47958a27c1" pid=29390 comm="libvirtd" requested_mask="receive" denied_mask="receive" signal=term peer="libvirtd" Similar to the libvirt-qemu abstraction, add a rule to the libvirt-lxc abstraction allowing reception of signals from libvirtd. Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> |
||
---|---|---|
.. | ||
apparmor | ||
meson.build | ||
security_apparmor.c | ||
security_apparmor.h | ||
security_dac.c | ||
security_dac.h | ||
security_driver.c | ||
security_driver.h | ||
security_manager.c | ||
security_manager.h | ||
security_nop.c | ||
security_nop.h | ||
security_selinux.c | ||
security_selinux.h | ||
security_stack.c | ||
security_stack.h | ||
security_util.c | ||
security_util.h | ||
virt-aa-helper.c |