[pkg-apparmor] Bug#805002: Bug#805002: libvirt-client: "virsh attach-disk" fails with AppArmor enabled
Guido Günther
agx at sigxcpu.org
Sat Jul 30 20:01:09 UTC 2016
On Sat, Jul 30, 2016 at 02:44:54PM +0200, Felix Geyer wrote:
> Hi,
>
> On 30.07.2016 14:06, intrigeri wrote:
> > So I don't see how we can make virsh attach-disk work under AppArmor
> > without either rebooting the guest to take into account the updated
> > profile, or extending the profile in advance (so that it allows access
> > to all disks that one may want to attach later to a domain).
>
> AppArmor profile updates are supposed to be applied to running processes.
> According to upstream there is/was a bug in the kernel and the userspace tools.
>
> Debian unstable (Linux 4.6.4-1, apparmor 2.10.95-4) is affected by this bug.
> I haven't investigated further though.
I had a quick look at
https://git.kernel.org/cgit/linux/kernel/git/jj/linux-apparmor.git/log/?h=for-security
(the only branch with recent udates) and didn't spot anything related to
this.
Cheers,
-- Guido
>
> Felix
>
More information about the pkg-apparmor-team
mailing list