Re: [libvirt] [PATCH] apparmor: add network netlink raw rule

Thursday, 9 November 2017

On 11/09/2017 09:24 AM, Cédric Bosdonnat wrote:
...
 The rule 'network netlink raw' fixes these denials on
libvirtd start:

 apparmor="DENIED" operation="create"
profile="/usr/sbin/libvirtd" pid=12969
 comm="libvirtd" family="netlink" sock_type="raw"
protocol=0
 requested_mask="create" denied_mask="create"
 ---
   examples/apparmor/usr.sbin.libvirtd | 1 +
   1 file changed, 1 insertion(+)

 diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
 index 819068ffc..8ac5233cc 100644
 --- a/examples/apparmor/usr.sbin.libvirtd
 +++ b/examples/apparmor/usr.sbin.libvirtd
 @@ -36,6 +36,7 @@
     network inet6 dgram,
     network packet dgram,
     network packet raw,
 +  network netlink raw, 
This is already included in intrigeri's patchset to fix other apparmor rules

https://www.redhat.com/archives/libvir-list/2017-November/msg00161.html

Regards,
Jim

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

Re: [libvirt] [PATCH] apparmor: add network netlink raw rule