[apparmor] [PATCH] Don't unload libvirt's dynamic profiles on reload
Kees Cook
kees.cook at canonical.com
Tue Feb 22 17:42:24 UTC 2011
Hi Jamie,
On Tue, Feb 22, 2011 at 11:36:21AM -0600, Jamie Strandboge wrote:
> Libvirt generates dynamic profiles using aa_change_profile(). When a
> dynamic profile is added, it is of the form of 'libvirt-<vm uuid>'. E.g.:
> libvirt-b5779634-a136-b0d1-c0a4-0706752c4f25
>
> Currently, the initscripts will unload these profiles on reload, but
> they shouldn't touch them[1]. This patch special-cases libvirt's
> profiles for now so this does not happen. If more applications use
> dynamic profiles, we can in some way generalize this to flag profiles as
> dynamic.
>
> [1] https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/702774
Note that Ubuntu's init scripts do not use the rc.apparmor.functions file.
-Kees
--
Kees Cook
Ubuntu Security Team
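
The reload filter discussed in the quoted message, as an added example that is neither the patch from this thread nor AppArmor's own init-script code: it picks the loaded profiles that have no definition on disk but leaves 'libvirt-<vm uuid>' names alone. The function names are hypothetical, and it assumes both inputs are newline-separated profile names with any mode suffix already stripped and that the UUID is lowercase hex as in the example above.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical, sample data is constructed.

# Succeeds if $1 is 'libvirt-' followed by a UUID (8-4-4-4-12 lowercase hex).
# Anchored at both ends so names that merely contain the pattern do not match.
is_libvirt_dynamic() {
    printf '%s\n' "$1" | grep -Eq \
        '^libvirt-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
}

# profiles_to_unload LOADED ON_DISK
# Prints every name in LOADED that is absent from ON_DISK, except libvirt's
# dynamic profiles, which exist only in the kernel and must survive a reload.
profiles_to_unload() {
    loaded=$1
    on_disk=$2
    printf '%s\n' "$loaded" | while IFS= read -r name; do
        [ -n "$name" ] || continue
        # Still defined on disk: a reload replaces it, so it is not stale.
        if printf '%s\n' "$on_disk" | grep -Fxq -- "$name"; then
            continue
        fi
        # Dynamic libvirt profile: never treat as stale.
        if is_libvirt_dynamic "$name"; then
            continue
        fi
        printf '%s\n' "$name"
    done
}

# Constructed sample: one on-disk profile, one running VM's dynamic profile,
# one stale profile, and one name that only looks like a libvirt profile.
sample_loaded='/usr/sbin/libvirtd
libvirt-b5779634-a136-b0d1-c0a4-0706752c4f25
/usr/bin/stale-example
libvirt-not-a-uuid'
sample_on_disk='/usr/sbin/libvirtd'

profiles_to_unload "$sample_loaded" "$sample_on_disk"
```

Matching the full UUID shape rather than the bare 'libvirt-' prefix keeps a stale, non-dynamic profile from escaping cleanup just because of its name.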