Christian Ehrhardt aa9e3354ef apparmor: allow expected /tmp access patterns ... Several cases were found needing /tmp, for example ceph will try to list /tmp This is a compromise of security and usability: - we only allow generally enumerating the base dir - enumerating anything deeper in the dir is at least guarded by the "owner" restriction, but while that protects files of other services it won't protect qemu instances against each other as they usually run with the same user. - even with the owner restriction we only allow read for the wildcard path Acked-by: Jamie Strandboge <jamie@canonical.com> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>		2018-08-16 13:07:37 +02:00
..
admin	examples: Resolve sign-compare warnings	2016-12-20 13:11:25 +01:00
apparmor	apparmor: allow expected /tmp access patterns	2018-08-16 13:07:37 +02:00
dominfo	examples: Use one top level makefile	2016-01-09 21:14:12 -05:00
dommigrate	examples: Use one top level makefile	2016-01-09 21:14:12 -05:00
domsuspend	Remove backslash alignment attempts	2017-11-03 13:24:12 +01:00
domtop	Remove backslash alignment attempts	2017-11-03 13:24:12 +01:00
hellolibvirt	examples: Remove config.h from hellolibvirt and openauth	2018-07-09 08:53:11 +02:00
lxcconvert	lxc: allow use of lxc:///system URI as preferred format	2018-04-12 16:52:01 +01:00
object-events	Remove backslash alignment attempts	2017-11-03 13:24:12 +01:00
openauth	examples: Remove config.h from hellolibvirt and openauth	2018-07-09 08:53:11 +02:00
polkit	examples: Use one top level makefile	2016-01-09 21:14:12 -05:00
rename	examples: Use one top level makefile	2016-01-09 21:14:12 -05:00
systemtap	Forget last daemon/ dir artefacts	2018-07-27 15:44:38 +02:00
xml	examples: Add clean-traffic-gateway into nwfilters	2018-07-18 14:03:47 +02:00
Makefile.am	virt-aa-helper: handle more disk images	2017-12-20 11:05:54 +01:00