[Pkg-libvirt-maintainers] Bug#1086844: passt: apparmor profile breaks passt in libguestfs
Richard W.M. Jones
rjones at redhat.com
Thu Nov 28 10:46:35 GMT 2024
On Wed, Nov 27, 2024 at 10:39:18PM +0100, Hilko Bengen wrote:
> * Stefano Brivio:
>
> > Control: reassign 1086844 guestfs-tools
> >
> > So, I went ahead and submitted a proposal for a very loose initial
> > AppArmor profile for guestfs-tools:
> >
> > https://salsa.debian.org/libvirt-team/guestfs-tools/-/merge_requests/1
> >
> > I checked functionality of several tools, with and without passt, as
> > root and as regular user, etc. Outside of the passt subprofile, rules
> > should be loose enough as to be quite unlikely to introduce any issue.
>
> Stefano, I have added your patch to the package and uploaded a new
> version. Thanks.
>
> Rich, do you think the AppArmor policy should be part of the upstream
> source distribution?
I don't really have an opinion on it. For SELinux policies, they have
traditionally been shipped monolithically downstream. But in a
relatively recent change some are now shipped upstream, eg the one for
passt is here:
https://passt.top/passt/tree/contrib/selinux
I think my only concern is how portable AppArmor policies are between
distros that use them. (I think for SELinux, they're not very
portable between eg. Fedora & SUSE).
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-p2v converts physical machines to virtual machines. Boot with a
live CD or over the network (PXE) and turn machines into KVM guests.
http://libguestfs.org/virt-v2v
More information about the Pkg-libvirt-maintainers
mailing list