libvirt/src/security
Andrea Bolognani ef48295105 apparmor: Allow umount(/dev)
Commit 379c0ce4bf introduced a call to umount(/dev) performed
inside the namespace that we run QEMU in.

As a result of this, on machines using AppArmor, VM startup now
fails with

  internal error: Process exited prior to exec: libvirt:
  QEMU Driver error: failed to umount devfs on /dev: Permission denied

The corresponding denial is

  AVC apparmor="DENIED" operation="umount" profile="libvirtd"
      name="/dev/" pid=70036 comm="rpc-libvirtd"

Extend the AppArmor configuration for virtqemud and libvirtd so
that this operation is allowed.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2023-01-18 18:02:03 +01:00
apparmor apparmor: Allow umount(/dev) 2023-01-18 18:02:03 +01:00
meson.build meson: Always use the / operator to join paths 2021-08-11 09:16:36 +02:00
security_apparmor.c security: use g_autofree and remove unnecessary label 2023-01-09 04:38:52 +01:00
security_apparmor.h src/security: use #pragma once in headers 2019-06-19 17:12:31 +02:00
security_dac.c security_selinux: Set and restore /dev/sgx_* labels 2023-01-13 08:41:51 +01:00
security_dac.h lib: Drop internal virXXXPtr typedefs 2021-04-13 17:00:38 +02:00
security_driver.c lib: Drop internal virXXXPtr typedefs 2021-04-13 17:00:38 +02:00
security_driver.h security: Extend TPM label APIs 2022-12-05 10:40:52 +01:00
security_manager.c security: Extend TPM label APIs 2022-12-05 10:40:52 +01:00
security_manager.h security_selinux: Set and restore /dev/sgx_* labels 2023-01-13 08:41:51 +01:00
security_nop.c security: Remove unused includes 2022-06-07 16:07:00 +02:00
security_nop.h src/security: use #pragma once in headers 2019-06-19 17:12:31 +02:00
security_selinux.c security_selinux: Set and restore /dev/sgx_* labels 2023-01-13 08:41:51 +01:00
security_selinux.h src/security: use #pragma once in headers 2019-06-19 17:12:31 +02:00
security_stack.c security: Extend TPM label APIs 2022-12-05 10:40:52 +01:00
security_stack.h lib: Drop internal virXXXPtr typedefs 2021-04-13 17:00:38 +02:00
security_util.c security: Remove unused includes 2022-06-07 16:07:00 +02:00
security_util.h qemusecuritytest: Skip on non supported platforms 2020-11-06 09:14:53 +01:00
virt-aa-helper.c conf: rename virDomainNetBackend* to virDomainNetDriver* 2023-01-09 14:24:27 -05:00