On 18.05.2017 21:40, Serge E. Hallyn wrote: > Quoting Guido Günther ([email protected]): >> On Thu, May 18, 2017 at 11:21:54AM -0500, Serge E. Hallyn wrote: >>> Mind you I'm not crazy about this. If this could be toggled with a >>> default-off config option that would seem better than always giving >>> these caps to libvirt-qemu. >> >> virt-aa-helper could add these if it detects a 9pfs file system. That >> would be better than always adding it. > > Agreed
Ok, so at least for now, actually all 9p related changes should not be considered. Does the rest look ok (in particular 1/8 with the additional explanation)? -Stefan > >> Cheers, >> -- Guido >> >>> >>> Quoting Stefan Bader ([email protected]): >>>> From: Serge Hallyn <[email protected]> >>>> >>>> Add fowner and fsetid to libvirt-qemu profile. >>>> >>>> Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434 >>>> >>>> Signed-off-by: Christian Ehrhardt <[email protected]> >>>> Signed-off-by: Stefan Bader <[email protected]> >>>> --- >>>> examples/apparmor/libvirt-qemu | 4 ++++ >>>> 1 file changed, 4 insertions(+) >>>> >>>> diff --git a/examples/apparmor/libvirt-qemu >>>> b/examples/apparmor/libvirt-qemu >>>> index 89466c9..f04ce04 100644 >>>> --- a/examples/apparmor/libvirt-qemu >>>> +++ b/examples/apparmor/libvirt-qemu >>>> @@ -13,6 +13,10 @@ >>>> capability setgid, >>>> capability setuid, >>>> >>>> + # for 9p >>>> + capability fsetid, >>>> + capability fowner, >>>> + >>>> network inet stream, >>>> network inet6 stream, >>>> >>>> -- >>>> 2.7.4 >>> > > -- > libvir-list mailing list > [email protected] > https://www.redhat.com/mailman/listinfo/libvir-list >
signature.asc
Description: OpenPGP digital signature
-- libvir-list mailing list [email protected] https://www.redhat.com/mailman/listinfo/libvir-list
