[Bug 656173] Re: virt-aa-helper generate incomplete apparmor profiles with chained backing files
James Page
656173 at bugs.launchpad.net
Thu Oct 7 12:19:26 BST 2010
I've been unable to re-produce this issue on either Lucid or Maverick
although they do exhibit different behaviour.
test.qcow2 -> test_base.qcow2 -> base/lenny_vase.qcow2 (sym link to
lenny.qcow2)
Lucid apparmor profile:
"/var/log/libvirt/**/test.log" w,
"/var/lib/libvirt/**/test.monitor" rw,
"/var/run/libvirt/**/test.pid" rwk,
"/home/jamespage/vms/test_base.qcow2" rw,
"/home/jamespage/vms/base/lenny.qcow2" rw,
"/home/jamespage/vms/test.qcow2" rw,
"/home/jamespage/reference/isos/ubuntu-server/maverick-server-i386.iso" r,
# don't audit writes to readonly files
deny "/home/jamespage/reference/isos/ubuntu-server/maverick-server-i386.iso" w,
Maverick apparmor profile:
"/var/log/libvirt/**/test.log" w,
"/var/lib/libvirt/**/test.monitor" rw,
"/var/run/libvirt/**/test.pid" rwk,
"/home/jamespage/vms/test.qcow2" rw,
"/dev/sr0" r,
# don't audit writes to readonly files
deny "/dev/sr0" w,
No apparmor messages in kern.log, and no impact on functionality.
--
virt-aa-helper generate incomplete apparmor profiles with chained backing files
https://bugs.launchpad.net/bugs/656173
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
More information about the Ubuntu-server-bugs
mailing list