Re: [libvirt] [PATCH] 1/10 AppArmor driver updates
On Mon, Apr 05, 2010 at 04:19:03PM -0500, Jamie Strandboge wrote:
On Mon, 2010-04-05 at 16:15 -0500, Jamie Strandboge wrote:
> 1_apparmor-dont-clear-caps.patch: originally submitted on 2010/02/08
> with no feedback. The calls to virExec() in security_apparmor.c when
> invoking virt-aa-helper use VIR_EXEC_CLEAR_CAPS. When compiled without
> libcap-ng, this is not a problem (it's effectively a no-op) but with
> libcap-ng this causes MAC_ADMIN to be cleared. MAC_ADMIN is needed by
> virt-aa-helper to manipulate apparmor profiles and without it VMs will
> not start[1]. This patch calls virExec with the default VIR_EXEC_NONE
> instead.
Okay, we should have reviewed this at the time, sorry. Fairly
contained, so applied and commited, I will push it soon,
thanks !
Daniel
--
Daniel Veillard | libxml Gnome XML XSLT toolkit http://xmlsoft.org/
daniel(a)veillard.com | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library http://libvirt.org/