[libvirt] [PATCH] apparmor: allow libvirt to send term signal to unconfined

Christian Ehrhardt christian.ehrhardt at canonical.com
Tue Feb 6 14:54:05 UTC 2018


On Thu, Jan 25, 2018 at 9:09 PM, Jamie Strandboge <jamie at canonical.com> wrote:
> On Wed, 2018-01-24 at 10:41 +0100, intrigeri wrote:
>> Hi,
>>
>>
>> Guido Günther:
>> > --- a/examples/apparmor/usr.sbin.libvirtd
>> > +++ b/examples/apparmor/usr.sbin.libvirtd
>> > @@ -63,7 +63,7 @@
>> >    signal (send) peer=/usr/sbin/dnsmasq,
>> >    signal (read, send) peer=libvirt-*,
>> > -  signal (send) set=("kill") peer=unconfined,
>> > +  signal (send) set=("kill", "term") peer=unconfined,
>>
> LGTM too. +1 to apply.

2 x +1
1x resolved Discussion

IMHO nothing should block this from being committed - so ping?

+1 from me as well btw

-- 
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd




More information about the libvir-list mailing list