[Pkg-libvirt-maintainers] Bug#786650: Bug#786650: virt-aa-helper: incomplete apparmor profile
Guido Günther
agx at sigxcpu.org
Sat Jun 13 11:09:36 UTC 2015
On Fri, Jun 12, 2015 at 10:17:49PM +0200, Felix Geyer wrote:
> Hi,
>
> On Sun, 24 May 2015 16:51:27 +0000 Luke Faraone <lfaraone at debian.org> wrote:
> > On Sun, 2015-05-24 at 09:43 +0200, Guido Günther wrote:
> > > Hi,
> > > thanks for the patch.
> > > On Sun, May 24, 2015 at 12:14:48AM +0000, Luke Faraone wrote:
> > > [..snip..]
> > > > --- usr.lib.libvirt.virt-aa-helper 2015-05-23 23:43:44.751750819 +0000
> > > > +++ /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper 2015-05-24 00:03:13.039766331 +0000
> > > > @@ -1,7 +1,7 @@
> > > > # Last Modified: Mon Apr 5 15:10:27 2010
> > > > #include <tunables/global>
> > > >
> > > > -/usr/lib/libvirt/virt-aa-helper {
> > > > +/usr/lib/libvirt/virt-aa-helper flags=(complain) {
> > >
> > > Is that one needed as well or is it rather a debugging leftover?
> >
> > Oops, you're right, this was just for debugging. Sorry about that.
>
> I think the problems you are seeing are entirely because of bug #786652.
>
> These denials should be harmless therefore I propose the attached patch.
> This is also aligned with what Ubuntu does in their virt-aa-helper profile.
Thanks. In case anybody wants to test this:
http://honk.sigxcpu.org/projects/libvirt/snapshots/
has these changes applied.
Cheers,
-- Guido
More information about the Pkg-libvirt-maintainers
mailing list