[libvirt] [PATCH] apparmor: add network netlink raw rule
Jim Fehlig
jfehlig at suse.com
Thu Nov 9 16:43:31 UTC 2017
On 11/09/2017 09:24 AM, Cédric Bosdonnat wrote:
> The rule 'network netlink raw' fixes these denials on libvirtd start:
>
> apparmor="DENIED" operation="create" profile="/usr/sbin/libvirtd" pid=12969
> comm="libvirtd" family="netlink" sock_type="raw" protocol=0
> requested_mask="create" denied_mask="create"
> ---
> examples/apparmor/usr.sbin.libvirtd | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
> index 819068ffc..8ac5233cc 100644
> --- a/examples/apparmor/usr.sbin.libvirtd
> +++ b/examples/apparmor/usr.sbin.libvirtd
> @@ -36,6 +36,7 @@
> network inet6 dgram,
> network packet dgram,
> network packet raw,
> + network netlink raw,
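Review bot: the commit message should name what in libvirtd creates the netlink raw socket, because the added `network netlink raw,` line allows that family and type for the whole /usr/sbin/libvirtd profile while the quoted denial shows only one create with protocol=0. Naming the caller would let a later reader judge whether the rule is still needed. The placement after `network packet raw,` is consistent with the neighbouring network rules.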
This is already included in intrigeri's patchset to fix other apparmor rules
https://www.redhat.com/archives/libvir-list/2017-November/msg00161.html
Regards,
Jim
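As an added example (not part of this thread or of libvirt), the following Python code parses the denial quoted in the patch and derives the `network <family> <type>,` rule it calls for, checking it against the network rules visible in the hunk's context. The function names and the single-line sample are constructed here, and only the two-word rule form is handled.

```python
import re
import shlex

# Constructed sample: the denial quoted in the patch, joined onto one line.
SAMPLE_DENIAL = (
    'apparmor="DENIED" operation="create" profile="/usr/sbin/libvirtd" pid=12969 '
    'comm="libvirtd" family="netlink" sock_type="raw" protocol=0 '
    'requested_mask="create" denied_mask="create"'
)

# Network rules shown as context in the hunk, i.e. the profile before the patch.
PROFILE_BEFORE = """
  network inet6 dgram,
  network packet dgram,
  network packet raw,
"""


def parse_denial(line):
    """Return the key=value fields of an AppArmor audit message as a dict."""
    fields = {}
    for token in shlex.split(line):  # shlex strips the double quotes
        key, sep, value = token.partition("=")
        if sep:
            fields[key] = value
    return fields


def network_rules(profile_text):
    """Collect (family, type) pairs from 'network <family> <type>,' lines.

    Assumption: broader forms such as a bare 'network,' are not handled.
    """
    pattern = r"^\s*network\s+(\S+)\s+(\S+)\s*,"
    return {(m.group(1), m.group(2)) for m in re.finditer(pattern, profile_text, re.M)}


def missing_rule(denial_line, profile_text):
    """Return the rule a network denial asks for, or None if already covered."""
    f = parse_denial(denial_line)
    if f.get("apparmor") != "DENIED" or "family" not in f or "sock_type" not in f:
        return None  # not a network socket denial
    if (f["family"], f["sock_type"]) in network_rules(profile_text):
        return None
    return "network {} {},".format(f["family"], f["sock_type"])


if __name__ == "__main__":
    print(missing_rule(SAMPLE_DENIAL, PROFILE_BEFORE))
```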