libvirt/src/security
Stefano Brivio f95675fdbb apparmor: Add user session path for PID and socket files used by passt
Commit 7a39b04d68 ("apparmor: Enable passt support") grants
passt(1) read-write access to /{,var/}run/libvirt/qemu/passt/* if
started by the libvirt daemon. That's the path where passt creates
PID and socket files only if the guest is started by the root user.

If the guest is started by another user, though, the path is more
commonly /var/run/user/$UID/libvirt/qemu/run/passt: add it as
read-write location. Otherwise, passt won't be able to start, as
reported by Andreas.

While at it, replace /{,var/}run/ in the existing rule by its
corresponding tunable variable, @{run}.

Fixes: 7a39b04d68 ("apparmor: Enable passt support")
Link: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061678
Reported-by: Andreas B. Mundt <andi@debian.org>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2024-01-31 11:25:32 +01:00
..
apparmor apparmor: Add user session path for PID and socket files used by passt 2024-01-31 11:25:32 +01:00
meson.build meson: Always use the / operator to join paths 2021-08-11 09:16:36 +02:00
security_apparmor.c conf: put hostdev PCI backend into a struct 2024-01-07 23:57:09 -05:00
security_apparmor.h
security_dac.c conf: put hostdev PCI backend into a struct 2024-01-07 23:57:09 -05:00
security_dac.h lib: Drop internal virXXXPtr typedefs 2021-04-13 17:00:38 +02:00
security_driver.c security: Update format strings in translated messages 2023-04-01 11:40:34 +02:00
security_driver.h security: make it possible to set SELinux label of child process from its binary 2023-03-10 14:09:29 -05:00
security_manager.c lib: Replace qsort() with g_qsort_with_data() 2023-11-24 09:53:14 +01:00
security_manager.h security: make it possible to set SELinux label of child process from its binary 2023-03-10 14:09:29 -05:00
security_nop.c security: make it possible to set SELinux label of child process from its binary 2023-03-10 14:09:29 -05:00
security_nop.h
security_selinux.c conf: put hostdev PCI backend into a struct 2024-01-07 23:57:09 -05:00
security_selinux.h
security_stack.c security: make it possible to set SELinux label of child process from its binary 2023-03-10 14:09:29 -05:00
security_stack.h lib: Drop internal virXXXPtr typedefs 2021-04-13 17:00:38 +02:00
security_util.c security_util: fix log in virSecurityMoveRememberedLabel 2023-12-07 11:31:30 +01:00
security_util.h
virt-aa-helper.c conf: put hostdev PCI backend into a struct 2024-01-07 23:57:09 -05:00