External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-08-06 00:43:48 +00:00
Code Issues Packages Projects Releases Wiki Activity
37a4e6d430
libvirt/examples/apparmor
History
Christian Ehrhardt 37a4e6d430 apparmor: allow qemu to read max_segments 
Since qemu 2.9 via 9103f1ce "file-posix: Consider max_segments for
BlockLimits.max_transfer" this is a new access that is denied by the
qemu profile.

It is non fatal, but prevents the fix mentioned to actually work.
It should be safe to allow reading from that path.

Since qemu opens a symlink path we need to translate that for apparmor from
"/sys/dev/block/*/queue/max_segments" to
"/sys/devices/**/block/*/queue/max_segments"

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2017-11-07 16:57:32 +01:00
..
libvirt-lxc Rework lxc apparmor profile 2014-07-15 12:57:05 -06:00
libvirt-qemu apparmor: allow qemu to read max_segments 2017-11-07 16:57:32 +01:00
TEMPLATE.lxc apparmor: add attach_disconnected 2017-09-18 19:06:52 +02:00
TEMPLATE.qemu apparmor: add attach_disconnected 2017-09-18 19:06:52 +02:00
usr.lib.libvirt.virt-aa-helper apparmor, virt-aa-helper: Explicit denies for host devices 2017-05-19 09:48:23 +02:00
usr.sbin.libvirtd apparmor: add dnsmasq ptrace rule to libvirtd profile 2017-10-06 16:39:15 -06:00