Re: [libvirt] [PATCH] apparmor: QEMU monitor socket moved
On Thu, Mar 31, 2016 at 05:00:09PM +0200, Guido Günther wrote:
The directory name changed in
a89f05ba8df095875f5ec8a9065a585af63a010b.
---
src/security/virt-aa-helper.c | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index a2d7226..0ded671 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1366,6 +1366,8 @@ main(int argc, char **argv)
LOCALSTATEDIR, ctl->def->name);
virBufferAsprintf(&buf, "
\"%s/lib/libvirt/qemu/domain-%s/monitor.sock\" rw,\n",
LOCALSTATEDIR, ctl->def->name);
+ virBufferAsprintf(&buf, "
\"%s/lib/libvirt/qemu/domain-*-%.*s/monitor.sock\" rw,\n",
Shouldn't this be domain-%d-... with the %d being ctl->def->id? Or is
it not known at this point? Then I think it should allow only numbers
between the dashes. If that's possible.
Another question, though: shouldn't there be also vnc.sock in case that
is enabled? Basically we create this (and the
qemu/channel/target/domain-...) directory just for that particular
domain, so it should have access to the whole directory. Also the
channel/target one, I believe. Or did I miss something?
Thanks,
Martin
+ LOCALSTATEDIR, 20,
ctl->def->name);
virBufferAsprintf(&buf, "
\"%s/run/libvirt/**/%s.pid\" rwk,\n",
LOCALSTATEDIR, ctl->def->name);
virBufferAsprintf(&buf, " \"/run/libvirt/**/%s.pid\"
rwk,\n",
--
2.8.0.rc3
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Attachments:
- signature.asc (application/pgp-signature — 819 bytes)