[libvirt] [PATCH] 1/10 AppArmor driver updates

Jamie Strandboge jamie at canonical.com
Mon Apr 5 21:19:03 UTC 2010


On Mon, 2010-04-05 at 16:15 -0500, Jamie Strandboge wrote:
> 1_apparmor-dont-clear-caps.patch: originally submitted on 2010/02/08
> with no feedback. The calls to virExec() in security_apparmor.c when
> invoking virt-aa-helper use VIR_EXEC_CLEAR_CAPS. When compiled without
> libcap-ng, this is not a problem (it's effectively a no-op) but with
> libcap-ng this causes MAC_ADMIN to be cleared. MAC_ADMIN is needed by
> virt-aa-helper to manipulate apparmor profiles and without it VMs will
> not start[1]. This patch calls virExec with the default VIR_EXEC_NONE
> instead.


-- 
Jamie Strandboge             | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 1_apparmor-dont-clear-caps.patch
Type: text/x-patch
Size: 1588 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20100405/f88d19dc/attachment-0001.bin>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20100405/f88d19dc/attachment-0001.sig>


More information about the libvir-list mailing list