On 08/11/2015 03:44 PM, Felix Geyer wrote:
> Hi,
>
> On 11.08.2015 22:32, Jamie Strandboge wrote:
>> It is missing in both Ubuntu and Debian. src/security/virt-aa-helper.c needs to
>> update override[] in valid_path() to have '/usr/share/ovmf/'. I'll comment in
>> the Ubuntu bug.
>
> Maybe I'm missing something but the blacklist in valid_path() seems overly paranoid.
> Allowing it to add read-only access to files from /usr/share should be harmless.
> Especially considering it can allow write access to /home, /root and /dev (yes, I know
> it has to).
>

valid_path() is checking for what is valid to add to the guest's profile. It is paranoid because guests should have only the most limited access to the host possible.

-- Jamie Strandboge http://www.ubuntu.com/
-- AppArmor mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/apparmor
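
A simplified model of the deny-list-with-override check discussed in this thread, added here as an illustration; it is not libvirt's virt-aa-helper code. The list contents are constructed samples, `model_valid_path()` and its return convention are assumptions, and the lexical normalisation step goes beyond what the thread describes, to show why a prefix match must run on a cleaned path.

```c
/* Added illustration, not libvirt code. The lists are constructed samples;
 * model_valid_path() is a hypothetical name and return convention. */
#include <string.h>

#define N(a) (sizeof(a) / sizeof((a)[0]))
static const char *const restricted[] = { "/etc/", "/proc/", "/usr/share/" };
static const char *const override[] = { "/usr/share/ovmf/" };

static int has_prefix(const char *p, const char *const *list, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strncmp(p, list[i], strlen(list[i])) == 0) return 1;
    return 0;
}

/* Lexically collapse "//", "." and ".." (symlinks are not resolved). */
static int normalize(const char *in, char *out, size_t outsz)
{
    size_t len = 0;
    if (in[0] != '/') return -1;            /* absolute paths only */
    while (*in) {
        in += strspn(in, "/");
        size_t seg = strcspn(in, "/");
        if (seg == 2 && in[0] == '.' && in[1] == '.') {
            while (len > 0 && out[--len] != '/') { } /* drop last component */
        } else if (seg > 0 && !(seg == 1 && in[0] == '.')) {
            if (len + seg + 2 > outsz) return -1;
            out[len++] = '/';
            memcpy(out + len, in, seg);
            len += seg;
        }
        in += seg;
    }
    if (len == 0) out[len++] = '/';
    out[len] = '\0';
    return 0;
}

/* 0 = may be added to the guest profile, 1 = refused, -1 = bad input. */
int model_valid_path(const char *path)
{
    char norm[4096];
    if (normalize(path, norm, sizeof(norm)) < 0) return -1;
    if (has_prefix(norm, override, N(override))) return 0; /* exception wins */
    return has_prefix(norm, restricted, N(restricted));
}

int main(void) { return model_valid_path("/usr/share/ovmf/../../../etc/shadow") != 1; }
```

Without the normalisation step, a path that merely begins with the override prefix would be accepted even when its `..` components resolve into a restricted directory.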
