Re: [libvirt PATCH 1/1] apparmor: Allow umount(/dev)
On 1/18/23 10:07, Andrea Bolognani wrote:
On Wed, Jan 18, 2023 at 08:59:23AM -0700, Jim Fehlig wrote:
> On 1/18/23 03:45, Andrea Bolognani wrote:
>> Jim, it looks like you came up with exactly the same solution as
>> me, despite concerns about the size of the resulting hammer. Any
>> other ideas, or should we just go ahead and merge this as-is?
>
> My apparmor skills are too weak to select a smaller tool, so I'd say merge
> as-is. It wasn't clear to me if/why the umount of /dev was actually needed,
> but Michal did an excellent job of describing why it is.
Okay, pushed now.
Does this warrant creating a maintenance branch / release? 9.0.0 is
basically unusable out of the box on AppArmor hosts...
There have been similar issues with past releases, e.g. a bug in the libxl
driver preventing libvirt use with Xen.
On the other hand, package maintainers for Debian/Ubuntu and
openSUSE
are aware of the issue and know exactly which commit they need to
backport.
Like the past cases, I'm fine backporting the commit.
Are there other distros out there using AppArmor?
Not that I'm aware of.
Regards,
Jim