[libvirt] Tails bounty for supporting the 'removable' flag for USB disks

2013-03-18 Thread intrigeri
. Ticket: https://bugzilla.redhat.com/show_bug.cgi?id=922495 Thanks for your work on libvirt! Cheers, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc -- libvir-list mailing list

Re: [libvirt] [PATCH 2/2] qemu: Support setting the 'removable' flag for USB disks

2013-08-08 Thread intrigeri
-submitting. What is missing to get these patches merged, then? (Apart from porting them to the latest version again, of course :) Regards, -- intrigeri | GnuPG key @ https://gaffer.ptitcanardnoir.org/intrigeri/intrigeri.asc | OTR fingerprint @ https://gaffer.ptitcanardnoir.org/intrigeri/otr.asc

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

2014-10-06 Thread intrigeri
distro shipping a different version writes the same kind of hacks. Cheers, -- intrigeri -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

2014-10-18 Thread intrigeri
, -- intrigeri

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

2014-10-19 Thread intrigeri
]: Leaving directory '/tmp/buildd/libvirt-1.2.9/debian/build' dh_auto_build: make -j5 returned exit code 2 debian/rules:126: recipe for target 'build' failed make: *** [build] Error 2 Any hint? Cheers, -- intrigeri

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

2015-02-11 Thread intrigeri
Hi Stefan and others, Stefan Bader wrote (21 Oct 2014 11:50:24 GMT) : On 20.10.2014 12:48, Stefan Bader wrote: On 19.10.2014 17:07, intrigeri wrote: Cool, I've tested this. I've imported these two patches in Debian's 1.2.9-3 quilt series, made the build system use dh-autoreconf (the build

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

2015-05-19 Thread intrigeri
Hi Stefan, any news on what follows? Now that Ubuntu 15.04 has been released, perhaps you'll be able to allocate some cycles to it? :) intrigeri wrote (11 Feb 2015 14:58:54 GMT) : Hi Stefan and others, Stefan Bader wrote (21 Oct 2014 11:50:24 GMT) : On 20.10.2014 12:48, Stefan Bader wrote

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

2015-06-15 Thread intrigeri
will try to find my most recent proposal again and try to get it moved into present state of packages. Thanks! Cheers, -- intrigeri

Re: [libvirt] [patch] Add support for OVMF in virt-aa-helper [Was: [apparmor] virt-aa-helper: does not support OVMF?]

2015-08-13 Thread intrigeri
, the proposed logic looks fine to me. I'm not skilled enough at C to review the actual patch, though. Cheers, -- intrigeri

Re: [libvirt] [PATCH 2/2] virt-aa-helper: allow access to /usr/share/ovmf/

2015-08-21 Thread intrigeri
Hi, this patchset breaks the test suite for me once applied on top of the debian/experimental branch (while the test suite passes fine without these patches there). Sorry, no time to look into it further today. Cheers, -- intrigeri

Re: [libvirt] [PATCH v2 0/3] virt-aa-helper: allow to add R/O files in restricted dirs

2015-08-24 Thread intrigeri
. Thanks! Cheers, -- intrigeri

[libvirt] [patch] Add support for OVMF in virt-aa-helper [Was: [apparmor] virt-aa-helper: does not support OVMF?]

2015-08-12 Thread intrigeri
in my environment (applied on top of 1.2.18) so I'm forwarding it here. [1] https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1483071 Cheers, -- intrigeri From 0b1f1318125a8f9d4460641b6d216d7657dc0d1e Mon Sep 17 00:00:00 2001 From: intrigeri intrig...@debian.org Date: Wed, 12 Aug 2015 14:48:53

Re: [libvirt] [PATCH/RFC] Add missing delta from Ubuntu to apparmor profiles

2016-05-09 Thread intrigeri
Hi, > Stefan Bader wrote (20 May 2015 10:11:45 GMT) : > intrigeri wrote (15 Jun 2015 15:09:11 GMT) : > My (possibly incomplete) records say that I've tested the latest > proposed patch set back in February (<85iof8v6j5@boum.org>). >> Since I lost most context by no

Re: [libvirt] The libvirt Release Notes Game, v3.0.0 edition

2017-01-19 Thread intrigeri
better :) Cheers, -- intrigeri

[libvirt] [PATCH] AppArmor: allow QEMU to set_process_name.

2016-12-12 Thread intrigeri
https://bugzilla.redhat.com/show_bug.cgi?id=1369281 --- examples/apparmor/libvirt-qemu | 3 +++ 1 file changed, 3 insertions(+) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index 11381d4df0..fdb5a23291 100644 --- a/examples/apparmor/libvirt-qemu +++

Re: [libvirt] [PATCH] AppArmor policy: support merged-/usr.

2016-12-12 Thread intrigeri
Hi, Jamie Strandboge: > Changes LGTM. [Disclaimer: I'm new to submitting patches to libvirt.] What's the process to get this merged, now that Jamie has ack'ed the proposed changes? Cheers, -- intrigeri

[libvirt] [PATCH] AppArmor: allow QEMU to set_process_name. (v2)

2016-12-06 Thread intrigeri
https://bugzilla.redhat.com/show_bug.cgi?id=1369281 --- examples/apparmor/libvirt-qemu | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index 11381d4df0..10d2ac958c 100644 --- a/examples/apparmor/libvirt-qemu +++

Re: [libvirt] [PATCH] AppArmor: allow QEMU to set_process_name.

2016-12-06 Thread intrigeri
Jamie Strandboge: > This rule would allow any confined guest to change the 'comm' value of any > task > on the system, if the system otherwise allowed it. Right. Fixed with the 'owner' prefix in my v2 patch, as suggested by Christian. Cheers, -- intrigeri

Re: [libvirt] [PATCH] AppArmor: allow QEMU to set_process_name.

2016-12-17 Thread intrigeri
anywhere in our docs, but it makes sense if >> there is a need for anything related to attributions or copyrights. > I just assumed "intrigeri" is a real name :-) I have no ID with "intrigeri" written on it, so you may consider it's not a "real name". However,

[libvirt] [PATCH] AppArmor policy: support merged-/usr.

2016-12-03 Thread intrigeri
From: intrigeri <intrig...@debian.org> --- examples/apparmor/libvirt-qemu | 8 examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 +- examples/apparmor/usr.sbin.libvirtd | 4 ++-- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/ex

[libvirt] [PATCH] AppArmor: allow QEMU to set_process_name.

2016-12-05 Thread intrigeri
https://bugzilla.redhat.com/show_bug.cgi?id=1369281 --- examples/apparmor/libvirt-qemu | 1 + 1 file changed, 1 insertion(+) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index 11381d4df0..a07291d583 100644 --- a/examples/apparmor/libvirt-qemu +++

Re: [libvirt] [PATCH] apparmor: pass attach_disconnected

2016-12-19 Thread intrigeri
"open" info="Failed name lookup - disconnected > path" error=-13 profile="/usr/sbin/libvirtd" name="" pid=1422 comm="libvirtd" > requested_mask="r" denied_mask="r" fsuid=0 ouid=0 > --- > Thanks to intrigeri for the suggestion! Te

Re: [libvirt] [PATCH] virt-aa-helper: locking disk files for qemu 2.10

2017-08-11 Thread intrigeri
-level AppArmor perspective, the proposed change seems entirely harmless. Cheers, -- intrigeri

[libvirt] [PATCH] apparmor, libvirt-qemu: Allow QEMU to gather information about available host resources.

2017-08-09 Thread intrigeri
--- examples/apparmor/libvirt-qemu | 6 ++ 1 file changed, 6 insertions(+) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index f462d7428c..dcfb1a5985 100644 --- a/examples/apparmor/libvirt-qemu +++ b/examples/apparmor/libvirt-qemu @@ -169,3 +169,9 @@

Re: [libvirt] [PATCH] apparmor: cater for new AAVMF image location

2017-09-18 Thread intrigeri
> +"/usr/share/qemu-efi/", /* for AAVMF images */ >> +"/usr/share/qemu-efi-aarch64/" /* for AAVMF images */ >> }; >> /* override the above with these */ >> const char * const override[] = { > +1. LGTM +1 too after verifyi

Re: [libvirt] [PATCH] apparmor: add attach_disconnected

2017-09-18 Thread intrigeri
Hi, Jamie Strandboge: > On Fri, 2017-09-15 at 17:17 +0200, Guido Günther wrote: >> Otherwise we fail to reconnect to /dev/net/tun opened by libvirtd >> like I confirm I see the bug on current Debian sid and Guido's patch fixes it. Please commit :) Cheers, -- intrigeri

Re: [libvirt] How to implement pool support in virt-aa-helper?

2017-09-19 Thread intrigeri
l for :) Take care, cheers, -- intrigeri

Re: [libvirt] [PATCH] apparmor: allow qemu abstraction to read /proc/pid/cmdline

2017-12-01 Thread intrigeri
use, so I was wondering if we should allow this operation or just ignore the denial & silence the logs. Now that we understand what it is about, I agree we should allow it. Denying this access would make it harder to debug issues in the future e.g. if QEMU ever starts needing it for other, more cri

Re: [libvirt] [PATCH] apparmor: add ptrace/mediation rules for unconfined guests

2017-12-16 Thread intrigeri
an mentioned, we > discussed that this is the best option for the moment. +1 to apply. > Thanks for the patch! Same here, these rules are much less problematic than they look like at first glance ⇒ +1 Cheers, -- intrigeri

Re: [libvirt] [PATCH] virt-aa-helper: handle more disk images

2017-12-20 Thread intrigeri
Hi, Cedric Bosdonnat: > Has that one landed in abyssal depths of the mailing list? Well, no, it's waiting for your comments about my feedback: https://www.redhat.com/archives/libvir-list/2017-December/msg00389.html Thanks for pinging! (Sorry I did not put you in explicit copy, I assumed you

Re: [libvirt] [PATCH 02/12] apparmor, libvirt-qemu: Silence lttng related deny messages

2017-12-20 Thread intrigeri
ugging, with these added rules it'll be hard to discover why it does not work. Thanks in advance! Cheers, -- intrigeri

Re: [libvirt] [PATCH 01/12] apparmor, libvirt-qemu: Allow use of sgabios

2017-12-20 Thread intrigeri
Jamie Strandboge: >> --- a/examples/apparmor/libvirt-qemu >> +++ b/examples/apparmor/libvirt-qemu >> @@ -81,6 +81,7 @@ >>/usr/share/proll/** r, >>/usr/share/vgabios/** r, >>/usr/share/seabios/** r, >> + /usr/share/misc/sgabios.bin r, >>/usr/share/ovmf/** r, >>

Re: [libvirt] [PATCH 04/12] apparmor, libvirt-qemu: Allow read access to max_mem_regions

2017-12-20 Thread intrigeri
Christian Ehrhardt: > Allows read access to /sys/module/vhost/parameters/max_mem_regions. Same as patch 03, already done back in August.

Re: [libvirt] [PATCH 03/12] apparmor, libvirt-qemu: Allow read access to sysfs system info

2017-12-20 Thread intrigeri
s/devices/**/usb[0-9]*/** r, I think I've already upstream'ed this 4 months ago: commit e7f5d627f93c1c71260d2a795a1227b16b0d3186. Maybe rebase your patch series on top of the current upstream master branch? :) Cheers, -- intrigeri

Re: [libvirt] [PATCH v2] apparmor, libvirt-qemu: Allow qemu-block-extra libraries

2017-12-20 Thread intrigeri
Christian Ehrhardt: > From: Jamie Strandboge > Allows (multi-arch enabled) access to libraries under the > /usr/lib/@{multiarch}/qemu/*.so path in the Debian/Ubuntu > qemu-block-extra package and all such libs for the paths > of rpm qemu-block-* packages. > Bug-Ubuntu:

Re: [libvirt] [PATCH 07/12] apparmor, libvirt-qemu: add default pki path of lbvirt-spice

2017-12-20 Thread intrigeri
140) /etc/pki/CA/ r, /etc/pki/CA/* r, /etc/pki/libvirt{,-spice,-vnc}/ r, /etc/pki/libvirt{,-spice,-vnc}/** r, What do you think? Cheers, -- intrigeri

Re: [libvirt] [PATCH 12/12] apparmor, virt-aa-helper: Allow access to /sys/bus/usb/devices

2017-12-20 Thread intrigeri
Hi, Jamie Strandboge: > On Tue, 2017-12-19 at 16:03 +0100, Christian Ehrhardt wrote: >> examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 ++ >> 1 file changed, 2 insertions(+) >> >> diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper >>

Re: [libvirt] [PATCH 11/12] apparmor, virt-aa-helper: Allow access to ecryptfs files

2017-12-20 Thread intrigeri
ese... I concur with Jamie: I'd rather avoid spreading copies of these rules around if we can. Cheers, -- intrigeri

Re: [libvirt] [PATCH v2] apparmor, libvirt-qemu: add default pki path of libvirt-spice

2017-12-20 Thread intrigeri
Christian Ehrhardt: > Adding the PKI path that is used as default suggestion in src/qemu/qemu.conf > If people use non-default paths they should use local overrides but the > suggested defaults we should open up. > This is the default path as referenced by src/qemu/qemu.conf in libvirt. > While

Re: [libvirt] [PATCH] AppArmor: add rules needed with additional mediation features brought by Linux 4.14.

2017-11-05 Thread intrigeri
Hi, thanks Jamie for this review. All your suggestions make sense to me, I'll implement + test them and will re-submit as v3. Cheers, -- intrigeri

Re: [libvirt] [PATCH] virt-aa-helper: handle more disk images

2017-12-12 Thread intrigeri
Hi, Cédric Bosdonnat: > This commit helps users allowing access to their images by adding their > own rules in apparmor.d/local/usr.lib.libvirt.virt-aa-helper. > […] > profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper { >#include > + #include The packaging helper we use in

[libvirt] [PATCH] AppArmor: add rules needed with additional mediation features brought by Linux 4.14.

2017-10-25 Thread intrigeri
--- examples/apparmor/libvirt-qemu | 2 ++ examples/apparmor/usr.sbin.libvirtd | 9 + 2 files changed, 11 insertions(+) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index b341e31f42..5994a35042 100644 --- a/examples/apparmor/libvirt-qemu +++

Re: [libvirt] [PATCH] AppArmor: add rules needed with additional mediation features brought by Linux 4.14.

2017-10-25 Thread intrigeri
intrigeri: > + network unix dgram, > + network unix stream, Hold on, these two rules are probably not needed (chances are that they were needed due to a bug in the AppArmor parser, that got fixed in 2.11.1). I'll double-check tomorrow. Sorry for the noise!

Re: [libvirt] [PATCH 02/12] apparmor, libvirt-qemu: Silence lttng related deny messages

2017-12-21 Thread intrigeri
Christian Ehrhardt: > Great point intrigeri! > #1 > At least as far as my history analysis went this was triggered by ceph > having the support for lttng enabled. > Not by actually (trying to) enable the LTT-ng tracking. > While being disabled in ceph package since the

Re: [libvirt] [PATCH] virt-aa-helper: handle more disk images

2017-12-21 Thread intrigeri
Hi, Cedric Bosdonnat: > On Tue, 2017-12-12 at 15:01 +0100, intrigeri wrote: >> Cédric Bosdonnat: >> > This commit helps users allowing access to their images by adding their >> > own rules in apparmor.d/local/usr.lib.libvirt.virt-aa-helper. >> > […] >>

[libvirt] [PATCH v2] AppArmor: allow virt-aa-helper read access to Nova's qcow backing files.

2018-06-11 Thread intrigeri
t. > And I'd ask for an opinion on the "other" paths I listed - I can only > recommend adding as much as we can commonly agree to be useful. > To avoid coming back every few months adding another such line :-) Indeed. Perhaps next step is to c

Re: [libvirt] [PATCH] AppArmor: allow virt-aa-helper read access to Nova's qcow backing files.

2018-06-11 Thread intrigeri
usion of that discussion has been applied consistently (although implicitly): 4 commits of mine have been applied to Git since Daniel wrote that this was a valid exception, and nobody raised this topic again until today. Cheers, -- intrigeri

Re: [libvirt] [PATCH] AppArmor: Allow libvirtd to kill unconfined processes

2018-01-14 Thread intrigeri
lls so it's out of my league. > But until then the rule here is required to not get into awkward situations. > +1 from me, thanks intrigeri Thanks :)

Re: [libvirt] [PATCH] apparmor: fix virt-aa-helper profile

2018-01-03 Thread intrigeri
Cédric Bosdonnat: > * to handle /var/run not being a symlink to /run Does this still really exist in any distro that has chances to run a recent libvirt? If yes, then: > - /run/libvirt/**/[sv]d[a-z] r > + /{,var/}run/libvirt/**/[sv]d[a-z] r, +1 And in any case, +1 the missing comma. --

Re: [libvirt] [PATCH] apparmor: allow libvirt to send term signal to unconfined

2018-01-24 Thread intrigeri
> + signal (send) set=("kill", "term") peer=unconfined, +1 Reviewed-by: intrig...@boum.org Cheers, -- intrigeri

Re: [libvirt] [PATCH] apparmor: support more QEMU architectures

2019-04-01 Thread intrigeri
Andrea Bolognani: > Are you okay with changing the authorship email > address so that it matches the S-o-b and pushing the patch? If you don't mind doing it yourself, sure, go ahead :) Thanks! -- intrigeri

[libvirt] [PATCH 2/2] AppArmor: add mount rules needed with additional mediation features brought by Linux 4.14

2017-11-19 Thread intrigeri+libvirt
From: intrigeri <intrigeri+libv...@boum.org> This set of rules was proposed by Christian Boltz <appar...@cboltz.de> on https://bugzilla.opensuse.org/show_bug.cgi?id=1065123. --- examples/apparmor/usr.sbin.libvirtd | 15 +++ 1 file changed, 15 insertions(+) diff --gi

[libvirt] [PATCH 1/2] AppArmor: add rules needed with additional mediation features brought by Linux 4.14.

2017-11-19 Thread intrigeri+libvirt
From: intrigeri <intrigeri+libv...@boum.org> --- examples/apparmor/libvirt-qemu | 4 examples/apparmor/usr.sbin.libvirtd | 4 2 files changed, 8 insertions(+) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index 064501f08e..73bdbae872

[libvirt] [PATCH v4] AppArmor: add rules needed with additional mediation features brought by Linux 4.14.

2017-11-19 Thread intrigeri+libvirt
Changes since v3: - don't add in 1/2 blanket catch-all mount rule that 2/2 was replacing anyway

[libvirt] [PATCH 1/2] AppArmor: add rules needed with additional mediation features brought by Linux 4.14.

2017-11-05 Thread intrigeri+libvirt
From: intrigeri <intrigeri+libv...@boum.org> --- examples/apparmor/libvirt-qemu | 4 examples/apparmor/usr.sbin.libvirtd | 6 ++ 2 files changed, 10 insertions(+) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index 97dd2d45a9..9d487bf92f

[libvirt] [PATCH v3] AppArmor: add rules needed with additional mediation features brought by Linux 4.14.

2017-11-05 Thread intrigeri+libvirt
Changes since v2: - made signal rules broader, as suggested by Jamie Strandboge and indeed my tests confirm v2 was too strict; - allowed libvirtd "ptrace (read)" on libvirt-* guests, as suggested by Jamie Strandboge - added fine-grained

[libvirt] [PATCH 2/2] AppArmor: use fine-grained mount rules instead of a blanket catch-all one

2017-11-05 Thread intrigeri+libvirt
From: intrigeri <intrigeri+libv...@boum.org> This set of rules was proposed by Christian Boltz <appar...@cboltz.de> on https://bugzilla.opensuse.org/show_bug.cgi?id=1065123. --- examples/apparmor/usr.sbin.libvirtd | 15 ++- 1 file changed, 14 insertions(+), 1 deletion(-)

[libvirt] [PATCH v2] AppArmor: add rules needed with additional mediation features brought by Linux 4.14.

2017-10-26 Thread intrigeri+libvirt
[PATCH v2] AppArmor: add rules needed with additional mediation features Changes since v1: - remove unneeded "network unix" rules added by v1: they were only needed due to a bug in apparmor_parser, that was fixed in AppArmor 2.11.1 since then; - move the "network netlink raw" rule to

[libvirt] [PATCH] AppArmor: add rules needed with additional mediation features brought by Linux 4.14.

2017-10-26 Thread intrigeri+libvirt
From: intrigeri <intrigeri+libv...@boum.org> --- examples/apparmor/libvirt-qemu | 2 ++ examples/apparmor/usr.sbin.libvirtd | 6 ++ 2 files changed, 8 insertions(+) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index b341e31f42..5994a35042

[libvirt] [PATCH] AppArmor: allow virt-aa-helper read access to Nova's qcow backing files.

2018-06-09 Thread intrigeri+libvirt
From: intrigeri As reported on https://bugs.debian.org/892431, without this rule, when launching a QEMU KVM instance, an error occurs immediately upon launching the QEMU process such as: Could not open backing file: Could not open '/var/lib/nova/instances/_base

[libvirt] [PATCH] AppArmor: Allow libvirtd to kill unconfined processes

2018-01-13 Thread intrigeri+libvirt
From: intrigeri <intrigeri+libv...@boum.org> On startup libvirtd runs a number of QEMU processes unconfined such as: /usr/bin/qemu-system-x86_64 -S -no-user-config -nodefaults -nographic -machine none,accel=kvm:tcg -qmp unix:/var/lib/libvirt/qemu/capabilities.monitor.sock,server,

[libvirt] [PATCH] apparmor: support QEMU hppa, nios2, or1k, riscv32 and riscv64

2019-03-30 Thread intrigeri+libvirt
From: intrigeri Fixes: https://bugs.debian.org/914940 --- src/security/apparmor/libvirt-qemu | 5 + 1 file changed, 5 insertions(+) diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu index 474aaefdf8..165558fe83 100644 --- a/src/security/apparmor/libvirt

[libvirt] [PATCH v2] apparmor: support more QEMU architectures

2019-04-01 Thread intrigeri+libvirt
v2 following up to Andrea Bolognani's review (thanks!) - Adds missing Signed-off-by tag - Improves commit message - Adds Reviewed-by Andrea Bolognani

[libvirt] [PATCH] apparmor: support more QEMU architectures

2019-04-01 Thread intrigeri+libvirt
From: intrigeri Add hppa, nios2, or1k, riscv32 and riscv64 to the profile. Fixes: https://bugs.debian.org/914940 Signed-off-by: intrigeri Reviewed-by: Andrea Bolognani --- src/security/apparmor/libvirt-qemu | 5 + 1 file changed, 5 insertions(+) diff --git a/src/security/apparmor