[libvirt] [PATCH] fix AppArmor security driver when libvirt is compiled with libcap-ng
The calls to virExec() in security_apparmor.c when invoking
virt-aa-helper use VIR_EXEC_CLEAR_CAPS. When compiled without libcap-ng,
this is not a problem (it's effectively a no-op) but with libcap-ng this
causes MAC_ADMIN to be cleared. MAC_ADMIN is needed by virt-aa-helper to
manipulate apparmor profiles and without it VMs will not start[1]. This
patch calls virExec with the default VIR_EXEC_NONE instead.
[1] https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/517714
--
Jamie Strandboge | http://www.canonical.com
Attachments:
- signature.asc (application/pgp-signature — 198 bytes)
- 9013-apparmor-dont-clear-caps.patch (text/x-patch — 1.6 KB)