[libvirt] [PATCH 0/4] AppArmor updates
jamie at canonical.com
Thu Nov 12 17:47:38 UTC 2009
The following patchset contains various cleanups for the AppArmor
driver. It assumes that the patch contained in the email with the
following subject is already applied:
[libvirt] [PATCH] fix virt-aa-helper failure when host arch and os.type arch are different
This patch was ACKed but never applied. When committing that patch,
please also chmod 755 ./tests/virt-aa-helper-test.
Adds pulseaudio, alsa and preliminary save/restore to the example
apparmor abstraction. Also allows libvirtd access to inet dgram, inet6
dgram, inet6 stream and /usr/lib/libvirt/*.
Require absolute path for dynamic added files. This is required by
AppArmor and conveniently prevents adding tcp consoles to the profile.
This fixes https://launchpad.net/bugs/460271.
Suppress confusing and misleading apparmor denied message when kvm/qemu
tries to open a libvirt specified readonly file (such as a cdrom) with
write permissions. libvirt uses the readonly attribute for the security
driver only, and has no way of telling kvm/qemu that the device should
be opened readonly. This fixes https://launchpad.net/bugs/453335.
Implements all changes requested by DV except for getting rid of
readlink(). I can't use virFileResolveLink() because it lstat()s the
file and uses st.st_size to create a buffer. Unfortunately, running
lstat() on /proc/self/exe results in st.st_size to be 0.
The changes pass 'syntax-check'. secaatest and virt-aa-helper-test both
pass (there are several problems in the test suite causing 'make check'
to fail. These are all unrelated to these patches).
Jamie Strandboge | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 197 bytes
Desc: Digital signature
More information about the libvir-list