[Pkg-libvirt-maintainers] Bug#786650: virt-aa-helper: incomplete apparmor profile
Guido Günther
agx at sigxcpu.org
Fri Aug 21 08:37:53 UTC 2015
Hi,
On Fri, Aug 21, 2015 at 09:08:46AM +0200, intrigeri wrote:
> Felix Geyer wrote (20 Aug 2015 09:18:59 GMT) :
> > The deny rules aren't strictly necessary but they silence those (harmless) denials.
>
> Thanks for the clarification. I don't think that silencing harmless denials
> qualifies for a stable pu.
Great. Can one of you add this to #796088 - I did but it might make
sense if somebody with more apparmor skills does.
>
> > I'm not quite sure why virt-aa-helper opens the devices in the first place.
> > We need to look into how to push this upstream.
> > Through modifying the helper or the profile.
>
> I've been pushing Stefan Bader to upstream Ubuntu's improvements to
> the libvirt profiles for ~1 year. Patches were sent upstream, but
> last time I checked the package FTBFS'ed once they were applies (some
> autoconf issue IIRC).
It'd be happy to have a look, ideally if we can feed it in small pieces
with knowing what it fixes. Currently looking at the OVMF fix.
Cheers,
-- Guido
More information about the Pkg-libvirt-maintainers
mailing list