[libvirt PATCH] apparmor: Allow running /usr/libexec/qemu-kvm
Andrea Bolognani
abologna at redhat.com
Thu Nov 3 15:02:33 UTC 2022
On Thu, Nov 03, 2022 at 08:24:37AM -0600, Jim Fehlig wrote:
> On 11/3/22 05:13, Andrea Bolognani wrote:
> > + # Needed when running the RHEL/CentOS version of libvirt and QEMU
> > + # inside a privileged container on a Debian/Ubuntu host
> > + /usr/libexec/qemu-kvm PUx,
>
> Do you also need the path in src/security/apparmor/libvirt-qemu?
Good question :)
IIUC usr.sbin.{libvirtd,virtqemud}.in is the profile that is used for
the daemon and libvirt-qemu the one that's used for the QEMU process
itself, right?
If that's the case, I don't really understand why we would need to
list the various QEMU binaries in there? Once the QEMU process has
been started, it shouldn't really need to access any other QEMU
binary, should it? Or am I missing something obvious?
--
Andrea Bolognani / Red Hat / Virtualization
More information about the libvir-list
mailing list