Hi,
Guido Günther wrote (21 Aug 2015 13:33:50 GMT) :
On Fri, Aug 21, 2015 at 11:12:33AM +0200, intrigeri wrote:
The path I would prefer is: submit an updated debdiff that does not
contain these bonus deny rules. I could prepare it if we agree on
that, assuming the current state of this stable
Hi,
On Mon, Aug 24, 2015 at 11:12:33AM +0200, intrigeri wrote:
Hi,
Guido Günther wrote (21 Aug 2015 13:33:50 GMT) :
On Fri, Aug 21, 2015 at 11:12:33AM +0200, intrigeri wrote:
The path I would prefer is: submit an updated debdiff that does not
contain these bonus deny rules. I could
intrigeri wrote (24 Aug 2015 09:12:33 GMT) :
Once the Git repo is up-to-date, I'll send an updated debdiff to the
release team.
Done.
Hi,
On Fri, Aug 21, 2015 at 11:12:33AM +0200, intrigeri wrote:
Hi,
Guido Günther wrote (21 Aug 2015 08:37:53 GMT) :
On Fri, Aug 21, 2015 at 09:08:46AM +0200, intrigeri wrote:
Felix Geyer wrote (20 Aug 2015 09:18:59 GMT) :
The deny rules aren't strictly necessary but they silence those
Felix Geyer wrote (20 Aug 2015 09:18:59 GMT) :
The deny rules aren't strictly necessary but they silence those (harmless)
denials.
Thanks for the clarification. I don't think that silencing harmless denials
qualifies for a stable pu.
I'm not quite sure why virt-aa-helper opens the devices in
Hi,
Guido Günther wrote (21 Aug 2015 08:37:53 GMT) :
On Fri, Aug 21, 2015 at 09:08:46AM +0200, intrigeri wrote:
Felix Geyer wrote (20 Aug 2015 09:18:59 GMT) :
The deny rules aren't strictly necessary but they silence those (harmless)
denials.
Thanks for the clarification. I don't think
Hi,
On Fri, Aug 21, 2015 at 09:08:46AM +0200, intrigeri wrote:
Felix Geyer wrote (20 Aug 2015 09:18:59 GMT) :
The deny rules aren't strictly necessary but they silence those (harmless)
denials.
Thanks for the clarification. I don't think that silencing harmless denials
qualifies for a
Guido Günther wrote (19 Aug 2015 16:56:46 GMT) :
# for hostdev
/sys/devices/ r,
/sys/devices/** r,
+ deny /dev/sd* r,
+ deny /dev/vd* r,
+ deny /dev/dm-* r,
+ deny /dev/mapper/ r,
+ deny /dev/mapper/* r,
...what is this for? We don't have this hunk upstream either.
It
On 20.08.2015 09:54, intrigeri wrote:
Guido Günther wrote (19 Aug 2015 16:56:46 GMT) :
# for hostdev
/sys/devices/ r,
/sys/devices/** r,
+ deny /dev/sd* r,
+ deny /dev/vd* r,
+ deny /dev/dm-* r,
+ deny /dev/mapper/ r,
+ deny /dev/mapper/* r,
...what is this for? We don't
Hi,
The release team (righfully asked)
On Fri, Jun 12, 2015 at 10:17:49PM +0200, Felix Geyer wrote:
[..snip..]
--- libvirt-1.2.16.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+++ libvirt-1.2.16/examples/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -16,9 +16,16 @@ profile virt-aa-helper
Hi,
Guido Günther wrote (13 Jun 2015 11:09:36 GMT) :
Thanks. In case anybody wants to test this:
http://honk.sigxcpu.org/projects/libvirt/snapshots/
I've applied these changes to usr.lib.libvirt.virt-aa-helper locally
(current sid modulo gcc-5 transition), reloaded that profile,
restarted
Hi,
On Tue, Aug 11, 2015 at 09:04:35PM +0200, intrigeri wrote:
Hi,
Guido Günther wrote (13 Jun 2015 11:09:36 GMT) :
Thanks. In case anybody wants to test this:
http://honk.sigxcpu.org/projects/libvirt/snapshots/
I've applied these changes to usr.lib.libvirt.virt-aa-helper locally
On Fri, Jun 12, 2015 at 10:17:49PM +0200, Felix Geyer wrote:
Hi,
On Sun, 24 May 2015 16:51:27 + Luke Faraone lfara...@debian.org wrote:
On Sun, 2015-05-24 at 09:43 +0200, Guido Günther wrote:
Hi,
thanks for the patch.
On Sun, May 24, 2015 at 12:14:48AM +, Luke Faraone
Hi,
On Sun, 24 May 2015 16:51:27 + Luke Faraone lfara...@debian.org wrote:
On Sun, 2015-05-24 at 09:43 +0200, Guido Günther wrote:
Hi,
thanks for the patch.
On Sun, May 24, 2015 at 12:14:48AM +, Luke Faraone wrote:
[..snip..]
--- usr.lib.libvirt.virt-aa-helper
On Sun, 2015-05-24 at 09:43 +0200, Guido Günther wrote:
Hi,
thanks for the patch.
On Sun, May 24, 2015 at 12:14:48AM +, Luke Faraone wrote:
[..snip..]
--- usr.lib.libvirt.virt-aa-helper 2015-05-23 23:43:44.751750819 +
+++ /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper 2015-05-24
Hi,
thanks for the patch.
On Sun, May 24, 2015 at 12:14:48AM +, Luke Faraone wrote:
[..snip..]
--- usr.lib.libvirt.virt-aa-helper2015-05-23 23:43:44.751750819 +
+++ /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper2015-05-24
00:03:13.039766331 +
@@ -1,7 +1,7 @@
# Last
Package: libvirt-daemon-system
Version: 1.2.9-9
Severity: normal
File: /etc/apparmor.d/libvirt/TEMPLATE.qemu
Tags: patch
On attempting to create a new virtual machine with KVM:
May 23 23:26:39 aqua kernel: [ 318.993668] audit: type=1400
audit(1432423599.343:63): apparmor=DENIED operation=open
17 matches
Mail list logo
