[libvirt] [PATCH 7/8] appmor, libvirt-qemu: Add 9p support
Stefan Bader
stefan.bader at canonical.com
Fri May 19 06:56:20 UTC 2017
On 18.05.2017 21:40, Serge E. Hallyn wrote:
> Quoting Guido Günther (agx at sigxcpu.org):
>> On Thu, May 18, 2017 at 11:21:54AM -0500, Serge E. Hallyn wrote:
>>> Mind you I'm not crazy about this. If this could be toggled with a
>>> default-off config option that would seem better than always giving
>>> these caps to libvirt-qemu.
>>
>> virt-aa-helper could add these if it detects a 9pfs file system. That
>> would be better than always adding it.
>
> Agreed
Ok, so at least for now, actually all 9p related changes should not be
considered. Does the rest look ok (in particular 1/8 with the additional
explanation)?
-Stefan
>
>> Cheers,
>> -- Guido
>>
>>>
>>> Quoting Stefan Bader (stefan.bader at canonical.com):
>>>> From: Serge Hallyn <serge.hallyn at ubuntu.com>
>>>>
>>>> Add fowner and fsetid to libvirt-qemu profile.
>>>>
>>>> Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434
>>>>
>>>> Signed-off-by: Christian Ehrhardt <christian.ehrhardt at canonical.com>
>>>> Signed-off-by: Stefan Bader <stefan.bader at canonical.com>
>>>> ---
>>>> examples/apparmor/libvirt-qemu | 4 ++++
>>>> 1 file changed, 4 insertions(+)
>>>>
>>>> diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
>>>> index 89466c9..f04ce04 100644
>>>> --- a/examples/apparmor/libvirt-qemu
>>>> +++ b/examples/apparmor/libvirt-qemu
>>>> @@ -13,6 +13,10 @@
>>>> capability setgid,
>>>> capability setuid,
>>>>
>>>> + # for 9p
>>>> + capability fsetid,
>>>> + capability fowner,
>>>> +
>>>> network inet stream,
>>>> network inet6 stream,
>>>>
>>>> --
>>>> 2.7.4
>>>
>
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20170519/6447039c/attachment-0001.sig>
More information about the libvir-list
mailing list