
On Thu, 2010-09-23 at 16:10 +0100, Daniel P. Berrange wrote:
On Mon, Aug 16, 2010 at 02:45:02PM -0500, Jamie Strandboge wrote:
Author: Jamie Strandboge <jamie@canonical.com>
Description: AppArmor example profile adjustments:
 - libvirt-qemu: allow guests setgid and setuid so qemu can drop privileges
 - virt-aa-helper:
   + allow access to @{PROC}/[0-9]*/net/psched
   + allow searching /sys/bus/usb/devices/
   + deny access to /dev to suppress confusing, non-fatal profile denials
   + allow access to user-tmp abstraction
Bug-Ubuntu: LP: #579584, LP: #565691
diff -Naurp libvirt.orig/examples/apparmor/libvirt-qemu libvirt/examples/apparmor/libvirt-qemu --- libvirt.orig/examples/apparmor/libvirt-qemu 2010-04-06 16:14:52.000000000 -0500 +++ libvirt/examples/apparmor/libvirt-qemu 2010-08-13 16:46:34.000000000 -0500 @@ -1,4 +1,4 @@ -# Last Modified: Mon Apr 5 15:11:27 2010 +# Last Modified: Fri Aug 13 16:38:32 2010
#include <abstractions/base> #include <abstractions/consoles> @@ -9,6 +9,10 @@ capability dac_read_search, capability chown,
+ # needed to drop privileges + capability setgid, + capability setuid, + network inet stream, network inet6 stream,
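Review bot: in the @@ -9,6 +9,10 @@ hunk, the comment `# needed to drop privileges` does not say which process drops privileges or at what point, so a later reader cannot tell whether `capability setgid,` and `capability setuid,` are still required. The two rules stay in the guest's profile for the whole life of the confined process, not only for the moment of the drop. Please expand the comment to name the caller and the step that needs them, and note that the rules can be removed if that step ever moves outside the confined profile.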
Does QEMU really need this? The libvirt QEMU driver will drop privileges from root:root to qemu:qemu after forking, but before the /usr/bin/qemu binary is actually exec'd.
Yes. Users were seeing errors like:
libvir: QEMU error : cannot change to '109' group: Operation not permitted
libvir: QEMU error : cannot change to '104' user: Operation not permitted

For details, see:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/579584

-- 
Jamie Strandboge | http://www.canonical.com
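
Added example, not part of the original thread or of libvirt: a small triage check that maps the "cannot change to" errors quoted above to the capability rule an AppArmor profile would need, then reports which rules the profile lacks. The profile fragments are constructed from the lines visible in the hunk, and the error-to-capability mapping and all function names are assumptions of this example.

```python
import re

# Constructed sample input: the two error lines quoted in the thread.
ERRORS = [
    "libvir: QEMU error : cannot change to '109' group: Operation not permitted",
    "libvir: QEMU error : cannot change to '104' user: Operation not permitted",
]
# Constructed profile fragments, built from the lines visible in the hunk.
PROFILE_BEFORE = """\
  capability dac_read_search,
  capability chown,
  network inet stream,
  network inet6 stream,
"""
PROFILE_AFTER = PROFILE_BEFORE + """\
  # needed to drop privileges
  capability setgid,
  capability setuid,
"""

# Assumption: a failed group change needs setgid, a failed user change setuid.
NEEDED = {"group": "setgid", "user": "setuid"}
ERR = re.compile(r"cannot change to '\d+' (group|user): Operation not permitted")
# Single-line rules only; #include'd abstractions are not followed.
RULE = re.compile(r"^\s*(?:audit\s+)?(?:(deny)\s+|allow\s+)?capability\b([^,#]*),")

def granted_caps(profile_text):
    """Return (allowed, denied) sets; '*' stands for a bare 'capability,' rule."""
    allowed, denied = set(), set()
    for line in profile_text.splitlines():
        m = RULE.match(line)
        if m:
            names = set(m.group(2).split()) or {"*"}
            (denied if m.group(1) else allowed).update(names)
    return allowed, denied

def missing_caps(error_lines, profile_text):
    """Capabilities implied by the errors that the profile does not grant."""
    allowed, denied = granted_caps(profile_text)
    wanted = {NEEDED[m.group(1)] for m in map(ERR.search, error_lines) if m}
    return sorted(c for c in wanted
                  if c in denied or "*" in denied
                  or not (c in allowed or "*" in allowed))

if __name__ == "__main__":
    print("before patch:", missing_caps(ERRORS, PROFILE_BEFORE))
    print("after patch: ", missing_caps(ERRORS, PROFILE_AFTER))
```

A deny rule wins over an allow rule for the same capability, so a profile that both grants and denies setuid is still reported as missing it.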