]> xenbits.xensource.com Git - libvirt.git/commitdiff
projects / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: c0273cd)
Grant access to helpers
authorMike Latimer <mlatimer@suse.com>
Tue, 20 Jan 2015 01:25:41 +0000 (18:25 -0700)
committerCédric Bosdonnat <cbosdonnat@suse.com>
Fri, 23 Jan 2015 10:12:44 +0000 (11:12 +0100)
Apparmor must not prevent access to required helper programs. The following
helpers should be allowed to run in unconfined execution mode:

 - libvirt_parthelper
 - libvirt_iohelper

examples/apparmor/usr.sbin.libvirtd patch | blob | blame | history

diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
index 4a94fff43696224abbbad18ef54406d59445efec..5d606e6cd93fa51012627750997c525a92b9aa1a 100644 (file)
--- a/examples/apparmor/usr.sbin.libvirtd
+++ b/examples/apparmor/usr.sbin.libvirtd
@@ -58,6 +58,8 @@
   audit deny /sys/kernel/security/apparmor/.* rwxl,
   /sys/kernel/security/apparmor/profiles r,
   /usr/{lib,lib64}/libvirt/* PUxr,
+  /usr/{lib,lib64}/libvirt/libvirt_parthelper ix,
+  /usr/{lib,lib64}/libvirt/libvirt_iohelper ix,
   /etc/libvirt/hooks/** rmix,
   /etc/xen/scripts/** rmix,
 
Unnamed repository; edit this file 'description' to name the repository.