[PATCH 1/1] virt-aa-helper: allow hard links for mounts
Christian Schoenebeck
qemu_oss at crudebyte.com
Thu Oct 22 14:58:00 UTC 2020
Guests should be allowed to create hard links on mounted pathes, since
many applications rely on this functionality and would error on guest
with current "rw" AppArmor permission with 9pfs.
Signed-off-by: Christian Schoenebeck <qemu_oss at crudebyte.com>
---
src/security/virt-aa-helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 12429278fb..5a6f4a5f7d 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1142,7 +1142,7 @@ get_files(vahControl * ctl)
/* We don't need to add deny rw rules for readonly mounts,
* this can only lead to troubles when mounting / readonly.
*/
- if (vah_add_path(&buf, fs->src->path, fs->readonly ? "R" : "rw", true) != 0)
+ if (vah_add_path(&buf, fs->src->path, fs->readonly ? "R" : "rwl", true) != 0)
goto cleanup;
}
}
--
2.20.1
More information about the libvir-list
mailing list