On Fri, Aug 7, 2020 at 6:14 PM Daniel P. Berrangé <[email protected]> wrote:
> On Fri, Aug 07, 2020 at 12:21:20PM +0200, Christian Ehrhardt wrote: > > With qemu 5.0 and libvirt 6.6 there are new apparmor denials: > > apparmor="DENIED" operation="umount" profile="libvirtd" > > name="/run/libvirt/qemu/1-kvmguest-groovy-norm.dev/" comm="rpc-worker" > > > > These are related to new issues around devmapper handling [1] and the > > error path triggered by these issues now causes this new denial. > > > > There are already related rules for mounting and it seems right to > > allow also the related umount. > > > > [1]: > https://www.redhat.com/archives/libvir-list/2020-August/msg00236.html > > > > Signed-off-by: Christian Ehrhardt <[email protected]> > > --- > > src/security/apparmor/usr.sbin.libvirtd.in | 1 + > > 1 file changed, 1 insertion(+) > > Reviewed-by: Daniel P. Berrangé <[email protected]> > Thanks for the review - there was no negative feedback so far and in tests this worked fine. I'm committing the changes to not be postponed to close to the next release. > Regards, > Daniel > -- > |: https://berrange.com -o- > https://www.flickr.com/photos/dberrange :| > |: https://libvirt.org -o- > https://fstop138.berrange.com :| > |: https://entangle-photo.org -o- > https://www.instagram.com/dberrange :| > > -- Christian Ehrhardt Staff Engineer, Ubuntu Server Canonical Ltd
