External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-08-06 17:03:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
aa9e3354ef
libvirt/examples/apparmor
History
Christian Ehrhardt aa9e3354ef
apparmor: allow expected /tmp access patterns 
Several cases were found needing /tmp, for example ceph will try to list /tmp
This is a compromise of security and usability:
 - we only allow generally enumerating the base dir
 - enumerating anything deeper in the dir is at least guarded by the
   "owner" restriction, but while that protects files of other services
   it won't protect qemu instances against each other as they usually run
   with the same user.
 - even with the owner restriction we only allow read for the wildcard
   path

Acked-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
2018-08-16 13:07:37 +02:00
..
libvirt-lxc Rework lxc apparmor profile 2014-07-15 12:57:05 -06:00
libvirt-qemu apparmor: allow expected /tmp access patterns 2018-08-16 13:07:37 +02:00
TEMPLATE.lxc apparmor: add attach_disconnected 2017-09-18 19:06:52 +02:00
TEMPLATE.qemu apparmor: add attach_disconnected 2017-09-18 19:06:52 +02:00
usr.lib.libvirt.virt-aa-helper apparmor: Fix forgotten comma at EOL 2018-07-04 07:59:29 +02:00
usr.sbin.libvirtd apparmor: add mediation rules for unconfined guests 2018-08-16 12:58:56 +02:00