[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt] [PATCH] apparmor: add network netlink raw rule



The rule 'network netlink raw' fixes these denials on libvirtd start:

apparmor="DENIED" operation="create" profile="/usr/sbin/libvirtd" pid=12969
comm="libvirtd" family="netlink" sock_type="raw" protocol=0
requested_mask="create" denied_mask="create"
---
 examples/apparmor/usr.sbin.libvirtd | 1 +
 1 file changed, 1 insertion(+)

diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
index 819068ffc..8ac5233cc 100644
--- a/examples/apparmor/usr.sbin.libvirtd
+++ b/examples/apparmor/usr.sbin.libvirtd
@@ -36,6 +36,7 @@
   network inet6 dgram,
   network packet dgram,
   network packet raw,
+  network netlink raw,
 
   ptrace (trace) peer=unconfined,
   ptrace (trace) peer=/usr/sbin/libvirtd,
-- 
2.14.3


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]