[libvirt] [PATCH] apparmor: allow reading cap_last_cap
Michal Privoznik
mprivozn at redhat.com
Thu Sep 4 12:31:24 UTC 2014
On 03.09.2014 21:53, Jamie Strandboge wrote:
> On 09/03/2014 02:52 PM, Felix Geyer wrote:
>> libcap-ng >= 0.7.4 fails when it can't read /sys/kernel/cap_last_cap
>> and thus running a qemu guest fails.
>>
>> Allow reading cap_last_cap in the libvirt-qemu apparmor abstraction.
>> ---
>> examples/apparmor/libvirt-qemu | 1 +
>> 1 file changed, 1 insertion(+)
>>
>> diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
>> index 83814ec..1a98182 100644
>> --- a/examples/apparmor/libvirt-qemu
>> +++ b/examples/apparmor/libvirt-qemu
>> @@ -21,6 +21,7 @@
>> /dev/ptmx rw,
>> /dev/kqemu rw,
>> @{PROC}/*/status r,
>> + @{PROC}/sys/kernel/cap_last_cap r,
>>
>> # For hostdev access. The actual devices will be added dynamically
>> /sys/bus/usb/devices/ r,
>>
>
> ACK
>
I've updated the 'last modified' comment at the beginning of the file
(apparently we haven't updated it for ages despite the file was
modified) and pushed now!
Michal
More information about the libvir-list
mailing list