[Please don't CC random people on patches until asked to, we are all
subscribed to the list]
On 10/22/20 4:58 PM, Christian Schoenebeck wrote:
Guests should be allowed to create hard links on mounted pathes,
since
many applications rely on this functionality and would error on guest
with current "rw" AppArmor permission with 9pfs.
Signed-off-by: Christian Schoenebeck <qemu_oss(a)crudebyte.com>
---
src/security/virt-aa-helper.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 12429278fb..5a6f4a5f7d 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1142,7 +1142,7 @@ get_files(vahControl * ctl)
/* We don't need to add deny rw rules for readonly mounts,
* this can only lead to troubles when mounting / readonly.
*/
- if (vah_add_path(&buf, fs->src->path, fs->readonly ?
"R" : "rw", true) != 0)
+ if (vah_add_path(&buf, fs->src->path, fs->readonly ?
"R" : "rwl", true) != 0)
goto cleanup;
}
}
Reviewed-by: Michal Privoznik <mprivozn(a)redhat.com>
but I will give a day or two for other developers to chime in.
Michal