[Pkg-libvirt-maintainers] Bug#786650: virt-aa-helper: incomplete apparmor profile
Guido Günther
agx at sigxcpu.org
Wed Aug 19 16:56:46 UTC 2015
Hi,
The release team (rightfully asked)
On Fri, Jun 12, 2015 at 10:17:49PM +0200, Felix Geyer wrote:
[..snip..]
> --- libvirt-1.2.16.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> +++ libvirt-1.2.16/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> @@ -16,9 +16,16 @@ profile virt-aa-helper /usr/{lib,lib64}/
> owner @{PROC}/[0-9]*/status r,
> @{PROC}/filesystems r,
>
> + /etc/libnl-3/classid r,
> +
While this is needed...
> # for hostdev
> /sys/devices/ r,
> /sys/devices/** r,
> + deny /dev/sd* r,
> + deny /dev/vd* r,
> + deny /dev/dm-* r,
> + deny /dev/mapper/ r,
> + deny /dev/mapper/* r,
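Review bot: the five deny rules for /dev/sd*, /dev/vd*, /dev/dm-* and /dev/mapper/ are added under the existing "# for hostdev" comment with no rationale of their own, and that comment does not describe them. In AppArmor a deny rule overrides any matching allow rule and is not logged unless it is prefixed with audit, so these lines will silently block reads of those device nodes by virt-aa-helper. Please add a comment stating the intent (quieting denial noise from device probing versus enforcing a restriction), and if the goal is enforcement, note that only the sd, vd and dm- name prefixes are covered.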
...what is this for? We don't have this hunk upstream either.
Cheers,
-- Guido