
On Mon, Apr 05, 2010 at 04:19:03PM -0500, Jamie Strandboge wrote:
On Mon, 2010-04-05 at 16:15 -0500, Jamie Strandboge wrote:
1_apparmor-dont-clear-caps.patch: originally submitted on 2010/02/08 with no feedback. The calls to virExec() in security_apparmor.c when invoking virt-aa-helper use VIR_EXEC_CLEAR_CAPS. When compiled without libcap-ng, this is not a problem (it's effectively a no-op) but with libcap-ng this causes MAC_ADMIN to be cleared. MAC_ADMIN is needed by virt-aa-helper to manipulate apparmor profiles and without it VMs will not start[1]. This patch calls virExec with the default VIR_EXEC_NONE instead.
Okay, we should have reviewed this at the time, sorry. Fairly contained, so applied and committed, I will push it soon, thanks!

Daniel

-- 
Daniel Veillard      | libxml Gnome XML XSLT toolkit  http://xmlsoft.org/
daniel@veillard.com  | Rpmfind RPM search engine http://rpmfind.net/
http://veillard.com/ | virtualization library  http://libvirt.org/
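To confirm the symptom described in this thread on a running system, check whether the helper process still holds MAC_ADMIN in its effective capability set. The following is an added example, not libvirt code or part of either message: it parses the `CapEff` field of `/proc/<pid>/status` text and tests bit 33 (CAP_MAC_ADMIN in `<linux/capability.h>`). The function names and the sample status text are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CAP_MAC_ADMIN_BIT 33 /* CAP_MAC_ADMIN in <linux/capability.h> */

/* Extract a hex capability mask (e.g. "CapEff") from /proc/<pid>/status text.
 * Returns 0 on success, -1 if the field is missing or has no hex digits. */
int parse_cap_field(const char *status, const char *field, uint64_t *mask)
{
    size_t flen = strlen(field);
    const char *line = status;

    while (line && *line) {
        if (strncmp(line, field, flen) == 0 && line[flen] == ':') {
            const char *val = line + flen + 1;
            char *end;
            unsigned long long v = strtoull(val, &end, 16);
            if (end == val)
                return -1;
            *mask = (uint64_t)v;
            return 0;
        }
        line = strchr(line, '\n');
        if (line)
            line++; /* step past the newline to the next field */
    }
    return -1;
}

/* 1 if CAP_MAC_ADMIN is effective, 0 if it was dropped, -1 if unreadable. */
int has_mac_admin(const char *status)
{
    uint64_t eff;
    if (parse_cap_field(status, "CapEff", &eff) != 0)
        return -1;
    return (int)((eff >> CAP_MAC_ADMIN_BIT) & 1);
}

/* Constructed samples: a helper that kept its capabilities, and one whose
 * capabilities were cleared before exec. */
const char *STATUS_KEPT = "Name:\tvirt-aa-helper\nCapPrm:\t00000003ffffffff\nCapEff:\t00000003ffffffff\n";
const char *STATUS_CLEARED = "Name:\tvirt-aa-helper\nCapPrm:\t0000000000000000\nCapEff:\t0000000000000000\n";

int main(void)
{
    printf("kept: %d, cleared: %d\n", has_mac_admin(STATUS_KEPT), has_mac_admin(STATUS_CLEARED));
    return 0;
}
```
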