[PATCH 1/1] virt-aa-helper: allow hard links for mounts
Michal Privoznik
mprivozn at redhat.com
Thu Oct 22 17:07:33 UTC 2020
[Please don't CC random people on patches until asked to, we are all
subscribed to the list]
On 10/22/20 4:58 PM, Christian Schoenebeck wrote:
> Guests should be allowed to create hard links on mounted pathes, since
> many applications rely on this functionality and would error on guest
> with current "rw" AppArmor permission with 9pfs.
>
> Signed-off-by: Christian Schoenebeck <qemu_oss at crudebyte.com>
> ---
> src/security/virt-aa-helper.c | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
> index 12429278fb..5a6f4a5f7d 100644
> --- a/src/security/virt-aa-helper.c
> +++ b/src/security/virt-aa-helper.c
> @@ -1142,7 +1142,7 @@ get_files(vahControl * ctl)
> /* We don't need to add deny rw rules for readonly mounts,
> * this can only lead to troubles when mounting / readonly.
> */
> - if (vah_add_path(&buf, fs->src->path, fs->readonly ? "R" : "rw", true) != 0)
> + if (vah_add_path(&buf, fs->src->path, fs->readonly ? "R" : "rwl", true) != 0)
> goto cleanup;
> }
> }
>
Reviewed-by: Michal Privoznik <mprivozn at redhat.com>
but I will give a day or two for other developers to chime in.
Michal
More information about the libvir-list
mailing list