[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [libvirt] [PATCH 7/8] appmor, libvirt-qemu: Add 9p support



On 18.05.2017 21:40, Serge E. Hallyn wrote:
> Quoting Guido Günther (agx sigxcpu org):
>> On Thu, May 18, 2017 at 11:21:54AM -0500, Serge E. Hallyn wrote:
>>> Mind you I'm not crazy about this.  If this could be toggled with a
>>> default-off config option that would seem better than always giving
>>> these caps to libvirt-qemu.
>>
>> virt-aa-helper could add these if it detects a 9pfs file system. That
>> would be better than always adding it.
> 
> Agreed

Ok, so at least for now, actually all 9p related changes should not be
considered. Does the rest look ok (in particular 1/8 with the additional
explanation)?

-Stefan

> 
>> Cheers,
>>  -- Guido
>>
>>>
>>> Quoting Stefan Bader (stefan bader canonical com):
>>>> From: Serge Hallyn <serge hallyn ubuntu com>
>>>>
>>>> Add fowner and fsetid to libvirt-qemu profile.
>>>>
>>>> Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434
>>>>
>>>> Signed-off-by: Christian Ehrhardt <christian ehrhardt canonical com>
>>>> Signed-off-by: Stefan Bader <stefan bader canonical com>
>>>> ---
>>>>  examples/apparmor/libvirt-qemu | 4 ++++
>>>>  1 file changed, 4 insertions(+)
>>>>
>>>> diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
>>>> index 89466c9..f04ce04 100644
>>>> --- a/examples/apparmor/libvirt-qemu
>>>> +++ b/examples/apparmor/libvirt-qemu
>>>> @@ -13,6 +13,10 @@
>>>>    capability setgid,
>>>>    capability setuid,
>>>>  
>>>> +  # for 9p
>>>> +  capability fsetid,
>>>> +  capability fowner,
>>>> +
>>>>    network inet stream,
>>>>    network inet6 stream,
>>>>  
>>>> -- 
>>>> 2.7.4
>>>
> 
> --
> libvir-list mailing list
> libvir-list redhat com
> https://www.redhat.com/mailman/listinfo/libvir-list
> 


Attachment: signature.asc
Description: OpenPGP digital signature


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]