weizhouapache commented on PR #13281:
URL: https://github.com/apache/cloudstack/pull/13281#issuecomment-4576639199
with the changes
u24
```
root@pr13281-t16222-kvm-ubuntu24-kvm1:~# aa-status
apparmor module is loaded.
113 profiles are loaded.
113 profiles are in enforce mode.
/usr/bin/man
/usr/lib/snapd/snap-confine
/usr/lib/snapd/snap-confine//mount-namespace-capture-helper
/usr/sbin/chronyd
1password
Discord
MongoDB Compass
QtWebEngineProcess
balena-etcher
brave
buildah
cam
ch-checkns
ch-run
chrome
crun
devhelp
element-desktop
epiphany
evolution
firefox
flatpak
foliate
geary
github-desktop
goldendict
ipa_verify
kchmviewer
keybase
lc-compliance
libcamerify
libvirtd
libvirtd//qemu_bridge_helper
linux-sandbox
loupe
lsb_release
lxc-attach
lxc-create
lxc-destroy
lxc-execute
lxc-stop
lxc-unshare
lxc-usernsexec
man_filter
man_groff
mmdebstrap
msedge
notepadqq
nvidia_modprobe
nvidia_modprobe//kmod
obsidian
opam
opera
pageedit
plasmashell
plasmashell//QtWebEngineProcess
podman
polypane
privacybrowser
qcam
qmapshack
qutebrowser
rootlesskit
rpm
rssguard
rsyslogd
runc
sbuild
sbuild-abort
sbuild-adduser
sbuild-apt
sbuild-checkpackages
sbuild-clean
sbuild-createchroot
sbuild-destroychroot
sbuild-distupgrade
sbuild-hold
sbuild-shell
sbuild-unhold
sbuild-update
sbuild-upgrade
scide
signal-desktop
slack
slirp4netns
steam
stress-ng
surfshark
swtpm
systemd-coredump
tcpdump
thunderbird
toybox
transmission-cli
transmission-daemon
transmission-gtk
transmission-qt
trinity
tup
tuxedo-control-center
ubuntu_pro_apt_news
unix-chkpwd
unprivileged_userns
userbindmount
uwsgi-core
vdens
virt-aa-helper
virtiofsd
vivaldi-bin
vpnns
vscode
wike
wpcom
0 profiles are in complain mode.
0 profiles are in prompt mode.
0 profiles are in kill mode.
0 profiles are in unconfined mode.
4 processes have profiles defined.
4 processes are in enforce mode.
/usr/sbin/chronyd (949)
/usr/sbin/chronyd (957)
/usr/sbin/libvirtd (13184) libvirtd
/usr/sbin/rsyslogd (927) rsyslogd
0 processes are in complain mode.
0 processes are in prompt mode.
0 processes are in kill mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
root@pr13281-t16222-kvm-ubuntu24-kvm1:~# grep ^security
/etc/libvirt/qemu.conf
security_driver="none"
```
debian12
```
root@pr13281-t16223-kvm-debian12-kvm1:~# aa-status
apparmor module is loaded.
15 profiles are loaded.
15 profiles are in enforce mode.
/usr/bin/man
/usr/lib/NetworkManager/nm-dhcp-client.action
/usr/lib/NetworkManager/nm-dhcp-helper
/usr/lib/connman/scripts/dhclient-script
/usr/sbin/chronyd
/{,usr/}sbin/dhclient
libvirtd
libvirtd//qemu_bridge_helper
lsb_release
man_filter
man_groff
nvidia_modprobe
nvidia_modprobe//kmod
tcpdump
virt-aa-helper
0 profiles are in complain mode.
0 profiles are in kill mode.
0 profiles are in unconfined mode.
3 processes have profiles defined.
3 processes are in enforce mode.
/usr/sbin/chronyd (1818)
/usr/sbin/chronyd (1819)
/usr/sbin/libvirtd (44766) libvirtd
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
0 processes are in kill mode.
root@pr13281-t16223-kvm-debian12-kvm1:~# grep ^security
/etc/libvirt/qemu.conf
security_driver="none"
```
oraclelinux 8
```
[root@pr13281-t16220-kvm-ol8-kvm1 ~]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Memory protection checking: actual (secure)
Max kernel policy version: 31
[root@pr13281-t16220-kvm-ol8-kvm1 ~]# grep ^security /etc/libvirt/qemu.conf
security_driver="none"
```
suse15
```
pr13281-t16224-kvm-suse15-kvm1:~ # aa-status
apparmor module is loaded.
64 profiles are loaded.
64 profiles are in enforce mode.
/usr/bin/lessopen.sh
apache2
apache2//DEFAULT_URI
apache2//HANDLING_UNTRUSTED_INPUT
apache2//phpsysinfo
avahi-daemon
dnsmasq
dnsmasq//libvirt_leaseshelper
dovecot
dovecot-anvil
dovecot-auth
dovecot-config
dovecot-deliver
dovecot-dict
dovecot-director
dovecot-doveadm-server
dovecot-dovecot-auth
dovecot-dovecot-lda
dovecot-dovecot-lda//sendmail
dovecot-imap
dovecot-imap-login
dovecot-lmtp
dovecot-log
dovecot-managesieve
dovecot-managesieve-login
dovecot-pop3
dovecot-pop3-login
dovecot-replicator
dovecot-script-login
dovecot-ssl-params
dovecot-stats
identd
klogd
libvirtd
libvirtd//qemu_bridge_helper
lsb_release
mdnsd
nmbd
nscd
ntpd
nvidia_modprobe
nvidia_modprobe//kmod
php-fpm
ping
samba-bgqd
samba-dcerpcd
samba-rpcd
samba-rpcd-classic
samba-rpcd-spoolss
smbd
smbldap-useradd
smbldap-useradd///etc/init.d/nscd
syslog-ng
syslogd
traceroute
unix-chkpwd
virt-aa-helper
virtqemud
virtqemud//qemu_bridge_helper
virtxend
winbindd
zgrep
zgrep//helper
zgrep//sed
0 profiles are in complain mode.
0 profiles are in kill mode.
0 profiles are in unconfined mode.
2 processes have profiles defined.
2 processes are in enforce mode.
/usr/sbin/libvirtd (8137) libvirtd
/usr/sbin/nscd (862) nscd
0 processes are in complain mode.
0 processes are unconfined but have a profile defined.
0 processes are in mixed mode.
0 processes are in kill mode.
pr13281-t16224-kvm-suse15-kvm1:~ # grep ^security /etc/libvirt/qemu.conf
security_driver="none"
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
