[libvirt] [PATCH] 1/10 AppArmor driver updates

Daniel Veillard veillard at redhat.com
Tue Apr 6 14:08:44 UTC 2010


On Mon, Apr 05, 2010 at 04:19:03PM -0500, Jamie Strandboge wrote:
> On Mon, 2010-04-05 at 16:15 -0500, Jamie Strandboge wrote:
> > 1_apparmor-dont-clear-caps.patch: originally submitted on 2010/02/08
> > with no feedback. The calls to virExec() in security_apparmor.c when
> > invoking virt-aa-helper use VIR_EXEC_CLEAR_CAPS. When compiled without
> > libcap-ng, this is not a problem (it's effectively a no-op) but with
> > libcap-ng this causes MAC_ADMIN to be cleared. MAC_ADMIN is needed by
> > virt-aa-helper to manipulate apparmor profiles and without it VMs will
> > not start[1]. This patch calls virExec with the default VIR_EXEC_NONE
> > instead.

  Okay, we should have reviewed this at the time, sorry. Fairly
contained, so applied and commited, I will push it soon,

   thanks !

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel at veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/




More information about the libvir-list mailing list