[PATCH 2/2] apparmor: allow unmounting .dev entries

Christian Ehrhardt christian.ehrhardt at canonical.com
Thu Aug 13 10:57:06 UTC 2020


On Fri, Aug 7, 2020 at 6:14 PM Daniel P. Berrangé <berrange at redhat.com>
wrote:

> On Fri, Aug 07, 2020 at 12:21:20PM +0200, Christian Ehrhardt wrote:
> > With qemu 5.0 and libvirt 6.6 there are new apparmor denials:
> >   apparmor="DENIED" operation="umount" profile="libvirtd"
> >   name="/run/libvirt/qemu/1-kvmguest-groovy-norm.dev/" comm="rpc-worker"
> >
> > These are related to new issues around devmapper handling [1] and the
> > error path triggered by these issues now causes this new denial.
> >
> > There are already related rules for mounting and it seems right to
> > allow also the related umount.
> >
> > [1]: https://www.redhat.com/archives/libvir-list/2020-August/msg00236.html
> >
> > Signed-off-by: Christian Ehrhardt <christian.ehrhardt at canonical.com>
> > ---
> >  src/security/apparmor/usr.sbin.libvirtd.in | 1 +
> >  1 file changed, 1 insertion(+)
>
> Reviewed-by: Daniel P. Berrangé <berrange at redhat.com>
>

Thanks for the review - there was no negative feedback so far and in tests
this worked fine.
I'm committing the changes to not be postponed too close to the next release.


> Regards,
> Daniel
> --
> |: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
> |: https://libvirt.org         -o-    https://fstop138.berrange.com :|
> |: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|
>
>

-- 
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd
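
The denial quoted in the patch description can be picked out of an audit log mechanically. The following is an added example, not part of the original thread or of libvirt: it parses AppArmor audit records and separates `umount` denials on per-domain `.dev` paths under the `libvirtd` profile from all other denials. The sample records, the hex-encoded guest name and the function names are constructed for illustration.

```python
import re

# Constructed sample: the first record mirrors the denial quoted in the thread,
# the remaining lines are invented for illustration.
HEX_NAME = "/run/libvirt/qemu/2-my guest.dev/".encode().hex().upper()
SAMPLE_LOG = f'''\
audit: type=1400 audit(1597312626.000:101): apparmor="DENIED" operation="umount" profile="libvirtd" name="/run/libvirt/qemu/1-kvmguest-groovy-norm.dev/" pid=1234 comm="rpc-worker"
audit: type=1400 audit(1597312627.000:102): apparmor="DENIED" operation="umount" profile="libvirtd" name={HEX_NAME} pid=1234 comm="rpc-worker"
audit: type=1400 audit(1597312628.000:103): apparmor="DENIED" operation="umount" profile="libvirtd" name="/mnt/backup/" pid=1234 comm="rpc-worker"
audit: type=1400 audit(1597312629.000:104): apparmor="ALLOWED" operation="umount" profile="libvirtd" name="/run/libvirt/qemu/3-test.dev/" pid=1234 comm="rpc-worker"
systemd[1]: Started Virtualization daemon.
'''

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')
# Per-domain mount point as seen in the quoted denial: exactly one path
# component ending in ".dev" below /run/libvirt/qemu/.
DOMAIN_DEV = re.compile(r'^/run/libvirt/qemu/[^/]+\.dev/?$')

def parse_record(line):
    """Return the key/value fields of an AppArmor audit record, or None."""
    rec = {}
    for m in FIELD.finditer(line):
        key, quoted, bare = m.groups()
        value = quoted if quoted is not None else bare
        # The audit subsystem writes names containing spaces or control
        # characters as an unquoted hex string; decode those before matching.
        if key == "name" and quoted is None and HEX.fullmatch(bare):
            value = bytes.fromhex(bare).decode("utf-8", "replace")
        rec[key] = value
    return rec if "apparmor" in rec else None

def triage(log):
    """Split DENIED records into per-domain .dev umount denials and the rest."""
    dev_umounts, other = [], []
    for line in log.splitlines():
        rec = parse_record(line)
        if rec is None or rec["apparmor"] != "DENIED":
            continue
        hit = (rec.get("profile") == "libvirtd"
               and rec.get("operation") == "umount"
               and DOMAIN_DEV.match(rec.get("name", "")))
        (dev_umounts if hit else other).append(rec)
    return dev_umounts, other

if __name__ == "__main__":
    dev, other = triage(SAMPLE_LOG)
    print("per-domain .dev umount denials:", [r["name"] for r in dev])
    print("other denials to review:", [(r["operation"], r["name"]) for r in other])
```

Denials in the second list fall outside the per-domain `.dev` pattern and should be reviewed separately.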