On Thu, 2017-12-21 at 12:10 +0100, intrigeri wrote:
> 1. Doing the same for usr.sbin.libvirtd?
Is there any real good for the user to have local changes for the libvirtd
profile?
> The apparmor_profiles_local_include.patch Debian patch does the same
> for usr.sbin.libvirtd:
>
> diff --git a/exa
Hi,
On Thu, Dec 21, 2017 at 12:10:58PM +0100, intrigeri wrote:
[..snip..]
> But local/usr.lib.libvirt.virt-aa-helper becomes a conffile, which
> previously it was not managed by dpkg. I don't know how this is
> handled by dpkg. I suspect it might be easier to comment out:
>
> INSTALL_DATA_LOCAL
Hi,
Cedric Bosdonnat:
> On Tue, 2017-12-12 at 15:01 +0100, intrigeri wrote:
>> Cédric Bosdonnat:
>> > This commit helps users allowing access to their images by adding their
>> > own rules in apparmor.d/local/usr.lib.libvirt.virt-aa-helper.
>> > […]
>> > profile virt-aa-helper /usr/{lib,lib64}/li
On Mon, 2017-12-11 at 16:23 +0100, Cédric Bosdonnat wrote:
...
> diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> index bd6181d00..f3069d369 100644
> --- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> +++ b/examples/apparmo
On Wed, 2017-12-20 at 10:17 +0100, intrigeri wrote:
> Hi,
>
> Cedric Bosdonnat:
> > Has that one landed in abyssal depths of the mailing list?
>
> Well, no, it's waiting for your comments about my feedback:
> https://www.redhat.com/archives/libvir-list/2017-December/msg00389.html
>
> Thanks for
On Tue, 2017-12-12 at 15:01 +0100, intrigeri wrote:
> Hi,
>
> Cédric Bosdonnat:
> > This commit helps users allowing access to their images by adding their
> > own rules in apparmor.d/local/usr.lib.libvirt.virt-aa-helper.
> > […]
> > profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper
Hi,
Cedric Bosdonnat:
> Has that one landed in abyssal depths of the mailing list?
Well, no, it's waiting for your comments about my feedback:
https://www.redhat.com/archives/libvir-list/2017-December/msg00389.html
Thanks for pinging!
(Sorry I did not put you in explicit copy, I assumed you wou
Hi there!
Has that one landed in abyssal depths of the mailing list?
--
Cedric
On Mon, 2017-12-11 at 16:23 +0100, Cédric Bosdonnat wrote:
> virt-aa-helper needs read access to the disk image to resolve symlinks
> and add the proper rules to the profile. Its profile whitelists a few
> common path
Hi,
Cédric Bosdonnat:
> This commit helps users allowing access to their images by adding their
> own rules in apparmor.d/local/usr.lib.libvirt.virt-aa-helper.
> […]
> profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
>#include
> + #include
The packaging helper we use in De
virt-aa-helper needs read access to the disk image to resolve symlinks
and add the proper rules to the profile. Its profile whitelists a few
common paths, but users can place their images anywhere.
This commit helps users allowing access to their images by adding their
own rules in apparmor.d/loca
10 matches
Mail list logo
