[Pkg-libvirt-maintainers] Bug#879772: libvirt-daemon-system: Broken with AppArmor on Linux 4.14-rc5

intrigeri at debian.org intrigeri at debian.org
Wed Oct 25 16:13:49 UTC 2017


Package: libvirt-daemon-system
Version: 3.8.0-3
Severity: important
Tags: patch
User: pkg-apparmor-team at lists.alioth.debian.org
Usertags: linux-4.14

Hi!

Linux 4.14 brings quite a few new AppArmor mediation features that the
libvirt policy is not ready for. I've been running this kernel for 10+
days and the attached patch fixed all the issues I've noticed so far.

It would be nice to have this in sid before Linux 4.14 lands there,
in order to avoid any "OMG AppArmor breaks everything" effect.

Note, if you want to test this: currently more stuff is broken due to
the combination of a kernel bug + a long-term fix of mine
(https://lists.alioth.debian.org/pipermail/pkg-apparmor-team/2017-October/001823.html).
So if you test it locally, please:

 - use apparmor 2.11.1 and a recent linux 4.14-rcN
 - disable features-files= in /etc/apparmor/parser.conf (until that
   kernel bug is fixed)

Cheers,
-- 
intrigeri

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-AppArmor-add-rules-needed-with-additional-mediation-.patch
Type: text/x-diff
Size: 3167 bytes
Desc: not available
URL: <http://lists.alioth.debian.org/pipermail/pkg-libvirt-maintainers/attachments/20171025/726445a5/attachment.patch>
