Re: [libvirt] [PATCH 2/4] apparmor: add mediation rules for unconfined guests

On Mon, 2018-08-13 at 16:39 +0200, Christian Ehrhardt wrote: > If a guest runs unconfined , but libvirtd is > confined then the peer for signal can only be detected as > 'unconfined'. That triggers issues like: >apparmor="DENIED" operation="signal" >profile="/usr/sbin/libvirtd" pid=22395 co

[libvirt] [PATCH 2/4] apparmor: add mediation rules for unconfined guests

If a guest runs unconfined , but libvirtd is confined then the peer for signal can only be detected as 'unconfined'. That triggers issues like: apparmor="DENIED" operation="signal" profile="/usr/sbin/libvirtd" pid=22395 comm="libvirtd" requested_mask="send" denied_mask="send" signal=term p