[PATCH 1/1] virt-aa-helper: allow hard links for mounts
Christian Schoenebeck
qemu_oss at crudebyte.com
Fri Oct 23 14:19:36 UTC 2020
On Donnerstag, 22. Oktober 2020 19:07:33 CEST Michal Privoznik wrote:
> [Please don't CC random people on patches until asked to, we are all
> subscribed to the list]
>
Got it, I'll refrain from CCing on libvirt in future.
Not as erratic as it looks like though: I CCed people who touched this
specific AppArmor permission before, plus the virtiofs maintainers.
> On 10/22/20 4:58 PM, Christian Schoenebeck wrote:
> > Guests should be allowed to create hard links on mounted pathes, since
> > many applications rely on this functionality and would error on guest
> > with current "rw" AppArmor permission with 9pfs.
> >
> > Signed-off-by: Christian Schoenebeck <qemu_oss at crudebyte.com>
> > ---
> >
> > src/security/virt-aa-helper.c | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
> > index 12429278fb..5a6f4a5f7d 100644
> > --- a/src/security/virt-aa-helper.c
> > +++ b/src/security/virt-aa-helper.c
> > @@ -1142,7 +1142,7 @@ get_files(vahControl * ctl)
> >
> > /* We don't need to add deny rw rules for readonly mounts,
> >
> > * this can only lead to troubles when mounting / readonly.
> > */
> >
> > - if (vah_add_path(&buf, fs->src->path, fs->readonly ? "R" :
> > "rw", true) != 0) + if (vah_add_path(&buf, fs->src->path,
> > fs->readonly ? "R" : "rwl", true) != 0)>
> > goto cleanup;
> >
> > }
> >
> > }
>
> Reviewed-by: Michal Privoznik <mprivozn at redhat.com>
>
> but I will give a day or two for other developers to chime in.
>
> Michal
Yes, please wait couple days to see whether there are reactions.
Best regards,
Christian Schoenebeck
More information about the libvir-list
mailing list