[Bug 545426] Re: SDL support broken when using apparmor
Ancoron Luziferis
ancoron.luciferis at gmail.com
Tue Apr 13 23:35:19 BST 2010
Well, to be correct we should read the domain configuration as well as
the storage pool definitions to correctly set up apparmor rules (just
open them as required and by demand, not by foresight).
Additionally what if someone decides to have an iscsi mounted filesystem
on /opt or using some NFS storage on /net? Even /var/local or some
complete custom paths are possible. So opening read access to all those
things just vanishes the benefit of using apparmor.
Call me paranoid but I think such a quick hack is not appropriate here,
also it is for an LTS release that gets used on servers where security
is of top level priority.
--
SDL support broken when using apparmor
https://bugs.launchpad.net/bugs/545426
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
More information about the Ubuntu-server-bugs
mailing list