[Bug 646706] Re: NWFilter support broken due to Apparmour restrictions

2011-10-16 Thread Ubuntu QA Website
** Tags added: iso-testing -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in Ubuntu. https://bugs.launchpad.net/bugs/646706 Title: NWFilter support broken due to Apparmour restrictions To manage notifications about this

[Bug 646706] Re: NWFilter support broken due to Apparmour restrictions

2010-09-24 Thread Jamie Strandboge
I'm not opposed to changing /etc/apparmor.d/usr.sbin.libvirtd at all since that profile is intended to be very lenient and is there primarily so we can aa_change_profile() and deny a couple of things. However, 'network socket dgram,' is not valid apparmor syntax (see 'man apparmor.d' for details).

Re: [Bug 646706] Re: NWFilter support broken due to Apparmour restrictions

2010-09-24 Thread Soren Hansen
On 24-09-2010 13:37, Jamie Strandboge wrote: I'm not opposed to changing /etc/apparmor.d/usr.sbin.libvirtd at all since that profile is intended to be very lenient and is there primarily so we can aa_change_profile() and deny a couple of things. However, 'network socket dgram,' is not valid

[Bug 646706] Re: NWFilter support broken due to Apparmour restrictions

2010-09-24 Thread Jamie Strandboge
Adding this to /etc/apparmor.d/usr.sbin.libvirtd is fine: network packet dgram, libvirtd is not intended to be confined an any way (except it is forced to use virt-aa-helper instead of manipulated AppArmor directly). Adding the above is pure bugfix and does not diminish the intended security

[Bug 646706] Re: NWFilter support broken due to Apparmour restrictions

2010-09-24 Thread Jamie Strandboge
Before you upload, please let the release team know about it. -- NWFilter support broken due to Apparmour restrictions https://bugs.launchpad.net/bugs/646706 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. --

[Bug 646706] Re: NWFilter support broken due to Apparmour restrictions

2010-09-24 Thread Chuck Short
** Also affects: libvirt (Ubuntu Maverick) Importance: Undecided Status: New ** Tags added: server-mrs -- NWFilter support broken due to Apparmour restrictions https://bugs.launchpad.net/bugs/646706 You received this bug notification because you are a member of Ubuntu Server Team,

[Bug 646706] Re: NWFilter support broken due to Apparmour restrictions

2010-09-24 Thread Launchpad Bug Tracker
** Branch linked: lp:ubuntu/libvirt -- NWFilter support broken due to Apparmour restrictions https://bugs.launchpad.net/bugs/646706 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. -- Ubuntu-server-bugs mailing list

[Bug 646706] Re: NWFilter support broken due to Apparmour restrictions

2010-09-24 Thread Jamie Strandboge
I ACK the change to 0.8.3-1ubuntu14 in the unapproved queue. -- NWFilter support broken due to Apparmour restrictions https://bugs.launchpad.net/bugs/646706 You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to libvirt in ubuntu. --

[Bug 646706] Re: NWFilter support broken due to Apparmour restrictions

2010-09-24 Thread Launchpad Bug Tracker
This bug was fixed in the package libvirt - 0.8.3-1ubuntu14 --- libvirt (0.8.3-1ubuntu14) maverick; urgency=low * Let Apparmor allow libvirtd to create PF_PACKET sockets. Several utility functions require it. Of particular interest, the NWFilter code uses it, so libvirt's