[Pkg-libvirt-maintainers] Bug#786650: virt-aa-helper: incomplete apparmor profile

Felix Geyer fgeyer at debian.org
Thu Aug 20 09:18:59 UTC 2015


On 20.08.2015 09:54, intrigeri wrote:
> Guido Günther wrote (19 Aug 2015 16:56:46 GMT) :
>>>    # for hostdev
>>>    /sys/devices/ r,
>>>    /sys/devices/** r,
>>> +  deny /dev/sd* r,
>>> +  deny /dev/vd* r,
>>> +  deny /dev/dm-* r,
>>> +  deny /dev/mapper/ r,
>>> +  deny /dev/mapper/* r,
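
Review bot: the five added `deny` lines sit directly under the existing `# for hostdev` comment and have no comment of their own, so the profile does not say why read access to `/dev/sd*`, `/dev/vd*`, `/dev/dm-*` and `/dev/mapper/` is denied. An explicit AppArmor deny takes precedence over any matching allow rule and is not logged by default, so a reader cannot tell from these lines whether they are meant as a restriction or only to quiet the audit log. Move them into their own block with a comment stating the intent. The patterns name only sd, vd, dm- and mapper nodes; if the intent covers block devices in general, the comment should say so.
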
>> ...what is this for? We don't have this hunk upstream either.
> It apparently comes from the Ubuntu delta.
>
> I'll try to bzr branch
> https://code.launchpad.net/~ubuntu-branches/ubuntu/wily/libvirt/wily
> later (likely not today) and see if there's an explanation in there.
>
> Felix or anyone else, feel free to be faster than me :)

That bzr tree hasn't been updated in a long while.

The deny rules aren't strictly necessary but they silence those (harmless) denials.
I'm not quite sure why virt-aa-helper opens the devices in the first place.

We need to look into how to push this upstream, through modifying the helper or the profile.

Cheers,
Felix


