[pkg-apparmor] Bug#805002: Bug#805002: libvirt-client: "virsh attach-disk" fails with AppArmor enabled
Guido Günther
agx at sigxcpu.org
Sat Jul 30 20:06:20 UTC 2016
On Sat, Jul 30, 2016 at 10:01:09PM +0200, Guido Günther wrote:
> On Sat, Jul 30, 2016 at 02:44:54PM +0200, Felix Geyer wrote:
> > Hi,
> >
> > On 30.07.2016 14:06, intrigeri wrote:
> > > So I don't see how we can make virsh attach-disk work under AppArmor
> > > without either rebooting the guest to take into account the updated
> > > profile, or extending the profile in advance (so that it allows access
> > > to all disks that one may want to attach later to a domain).
> >
> > AppArmor profile updates are supposed to be applied to running processes.
> > According to upstream there is/was a bug in the kernel and the userspace tools.
> >
> > Debian unstable (Linux 4.6.4-1, apparmor 2.10.95-4) is affected by this bug.
> > I haven't investigated further though.
>
> I had a quick look at
>
> https://git.kernel.org/cgit/linux/kernel/git/jj/linux-apparmor.git/log/?h=for-security
>
> (the only branch with recent udates) and didn't spot anything related to
> this.
Scratch that
https://git.kernel.org/cgit/linux/kernel/git/jj/linux-apparmor.git/log/?h=v4.7-aa2.8-out-of-tree
has some stuff that might be related.
Cheers,
-- Guido
More information about the pkg-apparmor-team
mailing list