[libvirt] [PATCH] Add capability to example AppArmor profile

I encountered an AppArmor denial in Ubuntu 14.04. I had filed a bug here https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1324251 I just wanted to see this applied upstream from Ubuntu. This update to the profile is necessary to write to 9pfs mounts. Let me know what you think about the following patch: diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index 83814ec..c80294c 100644 --- a/examples/apparmor/libvirt-qemu +++ b/examples/apparmor/libvirt-qemu @@ -9,6 +9,10 @@ capability dac_read_search, capability chown, + # to create and modify with 9p shares + capability fowner, + capability fsetid, + # needed to drop privileges capability setgid, capability setuid, I’m running on libvirt: 1.2.2 My host machine is: x86_64 The hypervisor is: KVM -- Steven
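Review bot: The comment on the two added lines, "# to create and modify with 9p shares", does not say what is being created or modified, nor which denied operation made each of "capability fowner," and "capability fsetid," necessary. The example profile's capability list has no per-guest condition visible in this hunk, so both capabilities would apply to every guest using the profile, not only to guests with a writable 9p share. Please reword the comment to name the operation and reference the bug, for example "# needed to write to 9p shares (LP: #1324251)", and include the AppArmor denial message in the commit message so each capability can be justified separately. If only one of the two was actually denied, add only that one.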

On 05/29/2014 01:03 AM, Steven Leung wrote:
I encountered an AppArmor denial in Ubuntu 14.04. I had filed a bug here https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1324251
...
+ # to create and modify with 9p shares + capability fowner, + capability fsetid,
I commented on this in the bug. This may be ok, but would like more info.

--
Jamie Strandboge
http://www.ubuntu.com/