Re: [libvirt] [PATCH 7/8] appmor, libvirt-qemu: Add 9p support

2017-05-19 Thread Stefan Bader
On 18.05.2017 21:40, Serge E. Hallyn wrote:
> Quoting Guido Günther (a...@sigxcpu.org):
>> On Thu, May 18, 2017 at 11:21:54AM -0500, Serge E. Hallyn wrote:
>>> Mind you I'm not crazy about this.  If this could be toggled with a
>>> default-off config option that would seem better than always giving
>>> these caps to libvirt-qemu.
>>
>> virt-aa-helper could add these if it detects a 9pfs file system. That
>> would be better than always adding it.
> 
> Agreed

Ok, so at least for now, actually all 9p related changes should not be
considered. Does the rest look ok (in particular 1/8 with the additional
explanation)?

-Stefan

> 
>> Cheers,
>>  -- Guido
>>
>>>
>>> Quoting Stefan Bader (stefan.ba...@canonical.com):
 From: Serge Hallyn 

 Add fowner and fsetid to libvirt-qemu profile.

 Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434

 Signed-off-by: Christian Ehrhardt 
 Signed-off-by: Stefan Bader 
 ---
  examples/apparmor/libvirt-qemu | 4 
  1 file changed, 4 insertions(+)

 diff --git a/examples/apparmor/libvirt-qemu 
 b/examples/apparmor/libvirt-qemu
 index 89466c9..f04ce04 100644
 --- a/examples/apparmor/libvirt-qemu
 +++ b/examples/apparmor/libvirt-qemu
 @@ -13,6 +13,10 @@
capability setgid,
capability setuid,
  
 +  # for 9p
 +  capability fsetid,
 +  capability fowner,
 +
network inet stream,
network inet6 stream,
  
 -- 
 2.7.4
>>>
> 
> --
> libvir-list mailing list
> libvir-list@redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
> 





Re: [libvirt] [PATCH 7/8] appmor, libvirt-qemu: Add 9p support

2017-05-18 Thread Serge E. Hallyn
Quoting Guido Günther (a...@sigxcpu.org):
> On Thu, May 18, 2017 at 11:21:54AM -0500, Serge E. Hallyn wrote:
> > Mind you I'm not crazy about this.  If this could be toggled with a
> > default-off config option that would seem better than always giving
> > these caps to libvirt-qemu.
> 
> virt-aa-helper could add these if it detects a 9pfs file system. That
> would be better than always adding it.

Agreed

> Cheers,
>  -- Guido
> 
> > 
> > Quoting Stefan Bader (stefan.ba...@canonical.com):
> > > From: Serge Hallyn 
> > > 
> > > Add fowner and fsetid to libvirt-qemu profile.
> > > 
> > > Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434
> > > 
> > > Signed-off-by: Christian Ehrhardt 
> > > Signed-off-by: Stefan Bader 
> > > ---
> > >  examples/apparmor/libvirt-qemu | 4 
> > >  1 file changed, 4 insertions(+)
> > > 
> > > diff --git a/examples/apparmor/libvirt-qemu 
> > > b/examples/apparmor/libvirt-qemu
> > > index 89466c9..f04ce04 100644
> > > --- a/examples/apparmor/libvirt-qemu
> > > +++ b/examples/apparmor/libvirt-qemu
> > > @@ -13,6 +13,10 @@
> > >capability setgid,
> > >capability setuid,
> > >  
> > > +  # for 9p
> > > +  capability fsetid,
> > > +  capability fowner,
> > > +
> > >network inet stream,
> > >network inet6 stream,
> > >  
> > > -- 
> > > 2.7.4
> > 



Re: [libvirt] [PATCH 7/8] appmor, libvirt-qemu: Add 9p support

2017-05-18 Thread Guido Günther
On Thu, May 18, 2017 at 11:21:54AM -0500, Serge E. Hallyn wrote:
> Mind you I'm not crazy about this.  If this could be toggled with a
> default-off config option that would seem better than always giving
> these caps to libvirt-qemu.

virt-aa-helper could add these if it detects a 9pfs file system. That
would be better than always adding it.
Cheers,
 -- Guido

> 
> Quoting Stefan Bader (stefan.ba...@canonical.com):
> > From: Serge Hallyn 
> > 
> > Add fowner and fsetid to libvirt-qemu profile.
> > 
> > Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434
> > 
> > Signed-off-by: Christian Ehrhardt 
> > Signed-off-by: Stefan Bader 
> > ---
> >  examples/apparmor/libvirt-qemu | 4 
> >  1 file changed, 4 insertions(+)
> > 
> > diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
> > index 89466c9..f04ce04 100644
> > --- a/examples/apparmor/libvirt-qemu
> > +++ b/examples/apparmor/libvirt-qemu
> > @@ -13,6 +13,10 @@
> >capability setgid,
> >capability setuid,
> >  
> > +  # for 9p
> > +  capability fsetid,
> > +  capability fowner,
> > +
> >network inet stream,
> >network inet6 stream,
> >  
> > -- 
> > 2.7.4
> 



Re: [libvirt] [PATCH 7/8] appmor, libvirt-qemu: Add 9p support

2017-05-18 Thread Serge E. Hallyn
Mind you I'm not crazy about this.  If this could be toggled with a
default-off config option that would seem better than always giving
these caps to libvirt-qemu.

Quoting Stefan Bader (stefan.ba...@canonical.com):
> From: Serge Hallyn 
> 
> Add fowner and fsetid to libvirt-qemu profile.
> 
> Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434
> 
> Signed-off-by: Christian Ehrhardt 
> Signed-off-by: Stefan Bader 
> ---
>  examples/apparmor/libvirt-qemu | 4 
>  1 file changed, 4 insertions(+)
> 
> diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
> index 89466c9..f04ce04 100644
> --- a/examples/apparmor/libvirt-qemu
> +++ b/examples/apparmor/libvirt-qemu
> @@ -13,6 +13,10 @@
>capability setgid,
>capability setuid,
>  
> +  # for 9p
> +  capability fsetid,
> +  capability fowner,
> +
>network inet stream,
>network inet6 stream,
>  
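
Review bot: the comment `# for 9p` above the two new capability rules does not say which 9p operation needs them, and the commit message only restates the diff. Please expand the comment to name what fails without `fsetid` and `fowner`, and quote the denial from the Bug-Ubuntu report if that is where it was seen, so a later reader can tell when these rules can be narrowed or dropped.
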
> -- 
> 2.7.4



[libvirt] [PATCH 7/8] appmor, libvirt-qemu: Add 9p support

2017-05-18 Thread Stefan Bader
From: Serge Hallyn 

Add fowner and fsetid to libvirt-qemu profile.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434

Signed-off-by: Christian Ehrhardt 
Signed-off-by: Stefan Bader 
---
 examples/apparmor/libvirt-qemu | 4 
 1 file changed, 4 insertions(+)

diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index 89466c9..f04ce04 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -13,6 +13,10 @@
   capability setgid,
   capability setuid,
 
+  # for 9p
+  capability fsetid,
+  capability fowner,
+
   network inet stream,
   network inet6 stream,
 
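
Review bot: the added `capability fsetid,` and `capability fowner,` rules sit unconditionally beside `capability setgid,` and `capability setuid,` in examples/apparmor/libvirt-qemu, so every guest confined with this profile gets them whether or not it has a 9p share. CAP_FOWNER bypasses the file-owner check on operations such as chmod, and CAP_FSETID lets set-user-ID and set-group-ID bits survive a modification of the file, which is broad for a QEMU process that never exports a host directory. Consider keeping these out of this file and emitting them per domain only when the guest definition contains a 9p filesystem, or gating them behind an option that defaults to off.
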
-- 
2.7.4
