[libvirt] [PATCH] apparmor: allow libvirt to send term signal to unconfined
Christian Ehrhardt
christian.ehrhardt at canonical.com
Tue Feb 6 16:37:37 UTC 2018
On Tue, Feb 6, 2018 at 5:28 PM, Michal Privoznik <mprivozn at redhat.com> wrote:
> On 02/06/2018 03:54 PM, Christian Ehrhardt wrote:
>> On Thu, Jan 25, 2018 at 9:09 PM, Jamie Strandboge <jamie at canonical.com> wrote:
>>> On Wed, 2018-01-24 at 10:41 +0100, intrigeri wrote:
>>>> Hi,
>>>>
>>>>
>>>> Guido Günther:
>>>>> --- a/examples/apparmor/usr.sbin.libvirtd
>>>>> +++ b/examples/apparmor/usr.sbin.libvirtd
>>>>> @@ -63,7 +63,7 @@
>>>>> signal (send) peer=/usr/sbin/dnsmasq,
>>>>> signal (read, send) peer=libvirt-*,
>>>>> - signal (send) set=("kill") peer=unconfined,
>>>>> + signal (send) set=("kill", "term") peer=unconfined,
>>>>
>>> LGTM too. +1 to apply.
>>
>> 2 x +1
>> 1x resolved Discussion
>>
>> IMHO nothing should block this from being committed - so ping?
>>
>> +1 from me as well btw
>>
>
> I've just pushed this.
Thanks.
> BTW: haven't DV granted commit access to somebody
> just recently so that they can push these apparmor patches?
There were IRC discussions to get me commit access, but none with the
permissions was around at the time.
except for the unlikely case that all of the rest happened without me
knowing about it, it is not me :-)
If it was someone else, I'd be pleased to know who so we can CC
him/her on such changes.
--
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd
More information about the libvir-list
mailing list