[libvirt] [PATCH] Add capability to example AppArmor profile

Steven Leung stvleung at gmail.com
Wed May 28 23:03:10 UTC 2014


I encountered an AppArmor denial in Ubuntu 14.04.  I had filed a bug here https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1324251  

I just wanted to see this applied upstream from Ubuntu.  This update to the profile is necessary to write to 9pfs mounts.  Let me know what you think about the following patch:  

diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index 83814ec..c80294c 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -9,6 +9,10 @@
   capability dac_read_search,
   capability chown,
  
+  # to create and modify with 9p shares
+  capability fowner,
+  capability fsetid,
+
   # needed to drop privileges
   capability setgid,
   capability setuid,
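
Review bot: The comment on the added lines, `# to create and modify with 9p shares`, does not say what is being created or modified or which denial each capability resolves, and both capabilities are granted unconditionally next to `capability chown,`, so every guest confined by this profile receives them whether or not it has a 9p share configured. CAP_FOWNER bypasses the owner-match check on operations such as chmod and utime, and CAP_FSETID stops set-user-ID and set-group-ID bits from being cleared when a file is modified, so the comment should name the operations on the share that actually need them and quote or reference the denial from the linked bug. If the capabilities are only needed when a 9p filesystem is attached, it is worth asking whether they can be granted per domain rather than in the shared example profile.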



I’m running on libvirt: 1.2.2
My host machine is: x86_64
The hypervisor is: KVM
--  
Steven
