A QEMU change (10218ae6d006f76410804cc4dc690085b3d008b5) introduced
some libnuma calls that require read access to
/sys/devices/system/node/*/cpumap, which currently is forbidden by the
standard apparmor profile.

This commit allows read-only access to the file specified above.

Closes #515

Signed-off-by: Sergio Durigan Junior <[email protected]>
---
 src/security/apparmor/libvirt-qemu.in | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/security/apparmor/libvirt-qemu.in 
b/src/security/apparmor/libvirt-qemu.in
index 53f45c3a28..f40f471891 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -252,6 +252,9 @@
   /sys/devices/system/node/node[0-9]*/meminfo r,
   /sys/module/vhost/parameters/max_mem_regions r,
 
+   # Access to libnuma
+   /sys/devices/system/node/*/cpumap r,
+
   # silence refusals to open lttng files (see LP: #1432644)
   deny /dev/shm/lttng-ust-wait-* r,
   deny /run/shm/lttng-ust-wait-* r,
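Review bot: the added rule `/sys/devices/system/node/*/cpumap r,` uses a bare `*` for the node directory, while the meminfo rule directly above it limits the same path component to `node[0-9]*`. Consider `/sys/devices/system/node/node[0-9]*/cpumap r,` so the profile grants only the per-node files and stays consistent with its neighbour. The two added lines are also indented with three spaces where the surrounding rules use two. The comment "# Access to libnuma" would be more useful if it said why the read is needed, for example by naming the QEMU commit cited in the commit message.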
-- 
2.34.1