[apparmor] virt-aa-helper: does not support OVMF?
jamie at canonical.com
Wed Aug 12 14:03:54 UTC 2015
On 08/11/2015 03:44 PM, Felix Geyer wrote:
> On 11.08.2015 22:32, Jamie Strandboge wrote:
>> It is missing in both Ubuntu and Debian. src/security/virt-aa-helper.c needs to
>> update override in valid_path() to have '/usr/share/ovmf/'. I'll comment in
>> the Ubuntu bug.
> Maybe I'm missing something but the blacklist in valid_path() seems overly paranoid.
> Allowing it to add read-only access to files from /usr/share should be harmless.
> Especially considering it can allow write access to /home, /root and /dev (yes, I know
> it has to).
valid_path() is checking for what is valid to add to the guest's profile. It is
paranoid because guests should have only the most limited access to the host
Jamie Strandboge http://www.ubuntu.com/
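
An added sketch of the deny-list-with-override check discussed in this thread; it is not part of the original email and is not libvirt's valid_path(). The function names and the single restricted prefix are assumptions for illustration; only '/usr/share/ovmf/' comes from the thread.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Constructed tables for illustration; not libvirt's actual lists. */
static const char *const restricted_prefixes[] = { "/usr/share/" };
static const char *const override_prefixes[]   = { "/usr/share/ovmf/" };

/* True if path begins with prefix. Prefixes end in '/', so
 * "/usr/share/ovmf-other/x" does not match "/usr/share/ovmf/". */
static bool has_prefix(const char *path, const char *prefix)
{
    return strncmp(path, prefix, strlen(prefix)) == 0;
}

/* True if any path component is exactly "..", which could step
 * out of an allowed prefix after the prefix comparison passed. */
static bool has_dotdot(const char *path)
{
    const char *p = path;
    while ((p = strstr(p, "..")) != NULL) {
        bool starts = (p == path) || (p[-1] == '/');
        bool ends = (p[2] == '/') || (p[2] == '\0');
        if (starts && ends)
            return true;
        p++;
    }
    return false;
}

/* Returns true if `path` may be added to the guest profile.
 * Assumes the caller has already resolved symlinks (for example
 * with realpath()), since this check is purely lexical. */
bool path_allowed(const char *path)
{
    size_t i;
    if (path == NULL || path[0] != '/' || has_dotdot(path))
        return false;
    /* Overrides are checked first: they carve exceptions out of
     * the restricted prefixes. */
    for (i = 0; i < sizeof(override_prefixes) / sizeof(override_prefixes[0]); i++)
        if (has_prefix(path, override_prefixes[i]))
            return true;
    for (i = 0; i < sizeof(restricted_prefixes) / sizeof(restricted_prefixes[0]); i++)
        if (has_prefix(path, restricted_prefixes[i]))
            return false;
    return true;
}
```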