
Re: [libvirt] [PATCH 07/10] apparmor, libvirt-qemu: Allow access to ceph config

On Wed, Jun 07, 2017 at 10:44:59AM -0600, Christian Ehrhardt wrote:
> On Fri, Jun 2, 2017 at 12:57 PM, Guido Günther <agx sigxcpu org> wrote:
> > Shouldn't this only be added when ceph is in use?
> > Cheers,
> >  -- Guido
> >
> Yeah it is part of a category of rules where in a perfect world we would
> write virt-aa-helper code for each of them.
> In this particular case I think the existence of the following would be the
> trigger:
> <disk type='network'>
> [...]
>     <source protocol="rbd"
> Yet for some cases - like this one - the "opening" we are doing in regard
> to apparmor is quite small and maybe the burden to create (and maintain) it
> in virt-aa-helper is too much.
> So I'd appreciate if that change could be considered as-is - otherwise
> please let me know - I'll then add it to a bunch of issues of the category
> "needs to be done in virt-aa-helper" which I already track.

I was under the impression that ceph.conf might contain sensitive data
which we might not want to open up to all domains but looking at


this does not seem to be the case so this is probably o.k.
 -- Guido
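
The per-domain trigger discussed in this thread, as an added example that is not part of the original messages and is not libvirt's virt-aa-helper code: it emits a read rule for ceph.conf only when the domain XML has a network disk with protocol rbd. The path /etc/ceph/ceph.conf, the rule text, the function names and the sample XML are assumptions made for illustration; the backing-chain check goes beyond the single case named above.

```python
import xml.etree.ElementTree as ET

# Assumption: ceph's default config path; the thread only names "ceph.conf".
CEPH_RULE = '  "/etc/ceph/ceph.conf" r,'

def uses_rbd(domain_xml):
    """True if a disk (or a layer of its backing chain) is network/rbd."""
    root = ET.fromstring(domain_xml)
    for disk in root.iterfind("./devices/disk"):
        # Check the disk itself plus any nested <backingStore> layers.
        for layer in [disk] + list(disk.iter("backingStore")):
            src = layer.find("source")
            if (layer.get("type") == "network"
                    and src is not None
                    and src.get("protocol") == "rbd"):
                return True
    return False

def extra_rules(domain_xml):
    """Per-domain AppArmor lines: ceph.conf read access only when needed."""
    return [CEPH_RULE] if uses_rbd(domain_xml) else []

def _domain(disks):
    # Helper that wraps constructed sample disks in a minimal domain.
    return "<domain type='kvm'><devices>%s</devices></domain>" % disks

# Constructed sample inputs, not taken from the thread.
RBD = _domain("<disk type='network' device='disk'>"
              "<source protocol='rbd' name='pool/image'/></disk>")
NBD = _domain("<disk type='network' device='disk'>"
              "<source protocol='nbd' name='export'/></disk>")
FILE = _domain("<disk type='file' device='disk'>"
               "<source file='/var/lib/libvirt/images/a.qcow2'/></disk>")
BACKED = _domain("<disk type='file' device='disk'>"
                 "<source file='/var/lib/libvirt/images/top.qcow2'/>"
                 "<backingStore type='network'>"
                 "<source protocol='rbd' name='pool/base'/>"
                 "</backingStore></disk>")

if __name__ == "__main__":
    for name, xml in [("rbd", RBD), ("nbd", NBD),
                      ("file", FILE), ("backed", BACKED)]:
        print(name, extra_rules(xml))
```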
