This is sort of safe because:
- while /tmp could contain anything it is not recommended to put critical data
  there anyway
- while it would be hard to predict the PID as part of the string (this is not
  exposed through https://libvirt.org/formatdomain.html) so that virt-aa-helper
  could generate it, it is guarded by the "owner" statement

In fact there already is an abstraction meant for this:

apparmor.d/abstractions/user-tmp

    # per-user tmp directories
    owner @{HOME}/tmp/** rwkl,
    owner @{HOME}/tmp/ rw,
    # global tmp directories
    owner /var/tmp/** rwkl,
    /var/tmp/ rw,
    owner /tmp/** rwkl,
    /tmp/ rw,

This should be perfectly fine to be added, I'd think.
--
https://bugs.launchpad.net/bugs/1786159
Title:
qemu smb feature blocked by apparmor