
Mind you I'm not crazy about this. If this could be toggled with a default-off config option that would seem better than always giving these caps to libvirt-qemu.

Quoting Stefan Bader (stefan.bader@canonical.com):
From: Serge Hallyn <serge.hallyn@ubuntu.com>
Add fowner and fsetid to libvirt-qemu profile.
Bug-Ubuntu: https://bugs.launchpad.net/bugs/1378434
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
---
 examples/apparmor/libvirt-qemu | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index 89466c9..f04ce04 100644 --- a/examples/apparmor/libvirt-qemu +++ b/examples/apparmor/libvirt-qemu @@ -13,6 +13,10 @@ capability setgid, capability setuid,
+ # for 9p + capability fsetid, + capability fowner, + network inet stream, network inet6 stream,
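Review bot: The two added rules, "capability fsetid," and "capability fowner,", sit unconditionally in the shared libvirt-qemu file next to setgid and setuid, so every confined guest receives them whether or not it has a 9p filesystem configured. fowner lets the process bypass ownership checks on files it does not own, and fsetid lets set-user-ID and set-group-ID bits survive modification, which is a wide grant for a feature only some domains use. Please either gate the pair behind a default-off option, as raised in the reply above, or emit them only for domains that actually define a 9p share. The "# for 9p" comment should also say which 9p operation needs each capability, so a later reader can tell when the rules can be dropped; the commit message ("Add fowner and fsetid to libvirt-qemu profile.") does not explain this either.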
-- 2.7.4