
8 Feb 2010, 5:05 p.m.
The calls to virExec() in security_apparmor.c when invoking virt-aa-helper use VIR_EXEC_CLEAR_CAPS. When compiled without libcap-ng, this is not a problem (it's effectively a no-op) but with libcap-ng this causes MAC_ADMIN to be cleared. MAC_ADMIN is needed by virt-aa-helper to manipulate apparmor profiles and without it VMs will not start[1]. This patch calls virExec with the default VIR_EXEC_NONE instead.

[1] https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/517714

--
Jamie Strandboge | http://www.canonical.com
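A way to confirm the symptom described above, whether a process still holds MAC_ADMIN in its effective capability set, is to read the CapEff mask from /proc/<pid>/status. This is an added example, not part of the patch or of libvirt; the function names and the sample status text are constructed for illustration, and it assumes the Linux /proc status format and CAP_MAC_ADMIN being capability number 33.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* CAP_MAC_ADMIN is capability number 33 in <linux/capability.h>. */
#define MAC_ADMIN_BIT 33

/* Constructed samples of /proc/<pid>/status content (not real captures). */
static const char SAMPLE_FULL[] =
    "Name:\tvirt-aa-helper\nCapPrm:\t0000003fffffffff\nCapEff:\t0000003fffffffff\n";
static const char SAMPLE_CLEARED[] =
    "Name:\tvirt-aa-helper\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";

/* Locate "<field>:" at the start of a line and parse the hex mask after it.
 * Returns 0 on success, -1 if the field is absent or malformed. */
static int status_cap_mask(const char *status, const char *field,
                           unsigned long long *mask)
{
    size_t flen = strlen(field);
    for (const char *line = status; line && *line; ) {
        if (strncmp(line, field, flen) == 0 && line[flen] == ':') {
            const char *num = line + flen + 1;
            char *end;
            errno = 0;
            *mask = strtoull(num, &end, 16);   /* skips the leading tab */
            return (errno || end == num) ? -1 : 0;
        }
        line = strchr(line, '\n');
        if (line)
            line++;
    }
    return -1;
}

/* 1: effective set contains MAC_ADMIN, 0: it was cleared, -1: cannot tell. */
int has_mac_admin(const char *status)
{
    unsigned long long eff;
    if (status_cap_mask(status, "CapEff", &eff) < 0)
        return -1;
    return (int)((eff >> MAC_ADMIN_BIT) & 1ULL);
}

int main(void)
{
    printf("sample full:    %d\n", has_mac_admin(SAMPLE_FULL));
    printf("sample cleared: %d\n", has_mac_admin(SAMPLE_CLEARED));
    return 0;
}
```

To check a live process, pass the contents of its /proc/<pid>/status file to has_mac_admin().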