libvirt/examples/apparmor
Mike Latimer b61fb8e8af Fix apparmor issues for Xen
In order for apparmor to work properly in Xen environments, the following
access rights need to be allowed:

 - Allow CAP_SYS_PACCT, which is required when resetting some multi-port
   Broadcom cards by writing to the PCI config space

 - Allow CAP_IPC_LOCK, which is required to lock/unlock memory. Without
   this setting, an error 'Resource temporarily unavailable' can be seen
   while attempting to mmap memory. At the same time, the following
   apparmor message is seen:

   apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/libvirtd"
   pid=2097 comm="libvirtd" pid=2097 comm="libvirtd" capability=14
   capname="ipc_lock"

 - Allow access to distribution specific directories:
     /usr/{lib,lib64}/xen/bin
2015-01-23 11:11:53 +01:00
..
libvirt-lxc Rework lxc apparmor profile 2014-07-15 12:57:05 -06:00
libvirt-qemu Teach AppArmor, that /usr/lib64 may exist. 2015-01-05 09:46:35 +01:00
Makefile.am Rework lxc apparmor profile 2014-07-15 12:57:05 -06:00
TEMPLATE.lxc Rework lxc apparmor profile 2014-07-15 12:57:05 -06:00
TEMPLATE.qemu Rework lxc apparmor profile 2014-07-15 12:57:05 -06:00
usr.lib.libvirt.virt-aa-helper Teach AppArmor, that /usr/lib64 may exist. 2015-01-05 09:46:35 +01:00
usr.sbin.libvirtd Fix apparmor issues for Xen 2015-01-23 11:11:53 +01:00