[Pkg-libvirt-commits] [libvirt] 01/04: apparmor: add attach_disconnected
Guido Guenther
agx at moszumanska.debian.org
Mon Sep 18 19:19:48 UTC 2017
This is an automated email from the git hooks/post-receive script.
agx pushed a commit to annotated tag debian/3.7.0-4
in repository libvirt.
commit fdbca999c156877af8a49312131a24aec10c15c4
Author: Guido Günther <agx at sigxcpu.org>
Date: Fri Sep 15 17:19:06 2017 +0200
apparmor: add attach_disconnected
Closes: #876071
---
.../patches/apparmor-add-attach_disconnected.patch | 38 ++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 39 insertions(+)
diff --git a/debian/patches/apparmor-add-attach_disconnected.patch b/debian/patches/apparmor-add-attach_disconnected.patch
new file mode 100644
index 0000000..762e998
--- /dev/null
+++ b/debian/patches/apparmor-add-attach_disconnected.patch
@@ -0,0 +1,38 @@
+From: =?utf-8?q?Guido_G=C3=BCnther?= <agx at sigxcpu.org>
+Date: Fri, 15 Sep 2017 17:13:16 +0200
+Subject: apparmor: add attach_disconnected
+
+Otherwise we fail to reconnect to /dev/net/tun opened by libvirtd
+like
+
+ [ 8144.507756] audit: type=1400 audit(1505488162.386:38069121): apparmor="DENIED" operation="file_perm" info="Failed name lookup - disconnected path" error=-13 profile="libvirt-5dfcc8a7-b79a-4fa9-a41f-f6271651934c" name="dev/net/tun" pid=9607 comm="qemu-system-x86" requested_mask="r" denied_mask="r" fsuid=117 ouid=0
+---
+ examples/apparmor/TEMPLATE.lxc | 2 +-
+ examples/apparmor/TEMPLATE.qemu | 2 +-
+ 2 files changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/examples/apparmor/TEMPLATE.lxc b/examples/apparmor/TEMPLATE.lxc
+index 7b64885..f1005dc 100644
+--- a/examples/apparmor/TEMPLATE.lxc
++++ b/examples/apparmor/TEMPLATE.lxc
+@@ -4,7 +4,7 @@
+
+ #include <tunables/global>
+
+-profile LIBVIRT_TEMPLATE {
++profile LIBVIRT_TEMPLATE flags=(attach_disconnected) {
+ #include <abstractions/libvirt-lxc>
+
+ # Globally allows everything to run under this profile
+diff --git a/examples/apparmor/TEMPLATE.qemu b/examples/apparmor/TEMPLATE.qemu
+index 008a221..a327315 100644
+--- a/examples/apparmor/TEMPLATE.qemu
++++ b/examples/apparmor/TEMPLATE.qemu
+@@ -4,6 +4,6 @@
+
+ #include <tunables/global>
+
+-profile LIBVIRT_TEMPLATE {
++profile LIBVIRT_TEMPLATE flags=(attach_disconnected) {
+ #include <abstractions/libvirt-qemu>
+ }
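Review bot: The `flags=(attach_disconnected)` added to `profile LIBVIRT_TEMPLATE` in TEMPLATE.lxc is not supported by the evidence in the patch description, which shows a denial only for `comm="qemu-system-x86"` on `name="dev/net/tun"`. The flag makes AppArmor resolve disconnected paths as if they were rooted at `/`, so a file object that originates outside the confined task's mount namespace can match rules written for host paths. That relaxation looks justified for the qemu template, where libvirtd opens the fd and hands it over, but for LXC it would be worth either leaving the profile line unchanged or recording the denial that requires it. Both templates should also carry a comment above the profile line, for example `# attach_disconnected: fds opened by libvirtd (e.g. /dev/net/tun) arrive with a disconnected path; see Debian #876071`. The patch header has no `Forwarded:` field, so it is not visible from here whether the change was sent upstream.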
diff --git a/debian/patches/series b/debian/patches/series
index a18caf4..c0cea72 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -16,3 +16,4 @@ debian/Use-upstreams-polkit-rule.patch
debian/apparmor_profiles_local_include.patch
Set-defaults-for-zfs-tools.patch
Pass-GPG_TTY-env-var-to-the-ssh-binary.patch
+apparmor-add-attach_disconnected.patch
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-libvirt/libvirt.git