On Sat, Dec 17, 2016 at 03:54:29PM +0100, intrigeri wrote:
> Hi,
>
> Daniel P. Berrange:
> > On Mon, Dec 12, 2016 at 04:04:34PM +0100, Martin Kletzander wrote:
> >> Didn't we have a policy of using real names in commit messages? I
> >> remember someone advocating that (Eric?), so I did that as we
Hi,
Daniel P. Berrange:
> On Mon, Dec 12, 2016 at 04:04:34PM +0100, Martin Kletzander wrote:
>> Didn't we have a policy of using real names in commit messages? I
>> remember someone advocating that (Eric?), so I did that as well. But to
>> be honest, I can't find it anywhere in our docs, but it
On Mon, Dec 12, 2016 at 04:04:34PM +0100, Martin Kletzander wrote:
> On Mon, Dec 12, 2016 at 02:09:52PM +, Daniel P. Berrange wrote:
> > On Mon, Dec 12, 2016 at 02:53:02PM +0100, Christian Ehrhardt wrote:
> > > Acked-by: Christian Ehrhardt
> > >
> > > That (just FYI) is also equivalent to
> >
On Mon, Dec 12, 2016 at 02:09:52PM +, Daniel P. Berrange wrote:
On Mon, Dec 12, 2016 at 02:53:02PM +0100, Christian Ehrhardt wrote:
Acked-by: Christian Ehrhardt
That (just FYI) is also equivalent to
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1615550
On Mon, Dec 12, 2016 at 11:
On Mon, Dec 12, 2016 at 02:53:02PM +0100, Christian Ehrhardt wrote:
> Acked-by: Christian Ehrhardt
>
> That (just FYI) is also equivalent to
> https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1615550
>
> On Mon, Dec 12, 2016 at 11:59 AM, intrigeri
> wrote:
>
> > https://bugzilla.redhat.c
Acked-by: Christian Ehrhardt
That (just FYI) is also equivalent to
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1615550
On Mon, Dec 12, 2016 at 11:59 AM, intrigeri
wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1369281
> ---
> examples/apparmor/libvirt-qemu | 3 +++
> 1 file c
https://bugzilla.redhat.com/show_bug.cgi?id=1369281
---
examples/apparmor/libvirt-qemu | 3 +++
1 file changed, 3 insertions(+)
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index 11381d4df0..fdb5a23291 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/appa
On Wed, 2016-12-07 at 08:37 +0100, Christian Ehrhardt wrote:
> On Tue, Dec 6, 2016 at 5:40 PM, Jamie Strandboge
> wrote:
>
> >
> > I forgot to reiterate: the above is true *unless* there is another
> > non-DAC, non-
> > MAC kernel mediation (eg, does the kernel only allow modifying the 'comm'
>
On Tue, Dec 6, 2016 at 5:40 PM, Jamie Strandboge
wrote:
> I forgot to reiterate: the above is true *unless* there is another
> non-DAC, non-
> MAC kernel mediation (eg, does the kernel only allow modifying the 'comm'
> value
> of its own threads? If so, then the rule would be safe to add to the
>
On Tue, 2016-12-06 at 10:17 -0600, Jamie Strandboge wrote:
> On Mon, 2016-12-05 at 17:30 +0100, Christian Ehrhardt wrote:
> >
> > On Mon, Dec 5, 2016 at 12:21 PM, intrigeri
> > wrote:
> >
> > >
> > >
> > > + @{PROC}/@{pid}/task/@{tid}/comm rw,
> > >
> > Hi,
> > we have used the following for
On Mon, 2016-12-05 at 17:30 +0100, Christian Ehrhardt wrote:
> On Mon, Dec 5, 2016 at 12:21 PM, intrigeri
> wrote:
>
> >
> > + @{PROC}/@{pid}/task/@{tid}/comm rw,
> >
>
> Hi,
> we have used the following for now that we planned to submit soon:
> owner @{PROC}/@{pid}/task/[0-9]*/comm rw
>
> B
Jamie Strandboge:
> This rule would allow any confined guest to change the 'comm' value of any
> task
> on the system, if the system otherwise allowed it.
Right. Fixed with the 'owner' prefix in my v2 patch, as suggested
by Christian.
Cheers,
--
intrigeri
--
libvir-list mailing list
libvir-lis
https://bugzilla.redhat.com/show_bug.cgi?id=1369281
---
examples/apparmor/libvirt-qemu | 1 +
1 file changed, 1 insertion(+)
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index 11381d4df0..10d2ac958c 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmo
On Mon, 2016-12-05 at 11:21 +, intrigeri wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=1369281
> ---
> examples/apparmor/libvirt-qemu | 1 +
> 1 file changed, 1 insertion(+)
>
> diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
> index 11381d4df0..a07291d583
On Mon, Dec 5, 2016 at 12:21 PM, intrigeri
wrote:
> + @{PROC}/@{pid}/task/@{tid}/comm rw,
>
Hi,
we have used the following for now that we planned to submit soon:
owner @{PROC}/@{pid}/task/[0-9]*/comm rw
But I like yours more since you are adding the explicit TID instead of a
pattern.
I'm con
https://bugzilla.redhat.com/show_bug.cgi?id=1369281
---
examples/apparmor/libvirt-qemu | 1 +
1 file changed, 1 insertion(+)
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index 11381d4df0..a07291d583 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmo
16 matches
Mail list logo