Re: [libvirt PATCH 1/1] apparmor: Allow umount(/dev)
On Wed, Jan 18, 2023 at 08:59:23AM -0700, Jim Fehlig wrote:
On 1/18/23 03:45, Andrea Bolognani wrote:
> Jim, it looks like you came up with exactly the same solution as
> me, despite concerns about the size of the resulting hammer. Any
> other ideas, or should we just go ahead and merge this as-is?
My apparmor skills are too weak to select a smaller tool, so I'd say merge
as-is. It wasn't clear to me if/why the umount of /dev was actually needed,
but Michal did an excellent job of describing why it is.
Okay, pushed now.
Does this warrant creating a maintenance branch / release? 9.0.0 is
basically unusable out of the box on AppArmor hosts...
On the other hand, package maintainers for Debian/Ubuntu and openSUSE
are aware of the issue and know exactly which commit they need to
backport. Are there other distros out there using AppArmor?
--
Andrea Bolognani / Red Hat / Virtualization