This is a very old Delta we are still carrying.
Compared to a lot of the delta which just has no trace where it came from this
one had at least a bug link - yeah - thanks Jamie!
So for documentation purpose I'm updating here as I'm about to remove
the related Delta on the next merge as it is safe to be removed.
Case dependent tests:
- We have an allow and a deny, who wins anyway?
Discussed - denies are evaluated separate and win - so the rule was effective.
- Test:
1. make a setup with disks owned by root and non-root (mixed)
2. run default - ok
DROP the setpcap deny
3. run again - ok
4. disable apparmor security via seclabel none
5. run again - ok
6. repeat 1-5 with user/group set to root in /etc/libvirt/qemu.conf - all
ok
So it works fine in all cases related to the initial issue.
Note: It will grab ownership for the time of the execution, example:
-rw-r--r-- 1 root root 196616 Dec 14 15:46 test.qcow2
when run as extra user changes to:
-rw-r--r-- 1 libvirt-qemu kvm 196616 Dec 14 15:46 test.qcow2
So we are good to drop that old change
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/522845
Title:
compiling with libcap-ng disallows qemu/kvm access to files not owned
by root when not using AppArmor
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/522845/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
