[libvirt] [PATCH v2] AppArmor: add rules needed with additional mediation features brought by Linux 4.14.

intrigeri+libvirt at boum.org
Thu Oct 26 10:21:59 UTC 2017


Changes since v1:

 - remove the unneeded "network unix" rules added by v1: they were only
   needed because of a bug in apparmor_parser, which has since been fixed
   in AppArmor 2.11.1;
 - move the "network netlink raw" rule to honor the previous sorting.

Note that the "mount" rule is very broad. It could be replaced with
a set of more specific rules in the future. A draft is available at
https://bugzilla.opensuse.org/show_bug.cgi?id=1065123; it should be
tested on various distros and configurations before it is submitted
upstream. But let's not block on this and focus first on avoiding
breakage when distros ship Linux 4.14: this is not a regression, given
that so far we had no mount mediation at all (except in Ubuntu, which
carries out-of-tree patches).
