[Bug 649259] Re: insufficient apparmor rights for sound
Jamie Strandboge
jamie at ubuntu.com
Mon Sep 27 21:32:40 BST 2010
Actually, /etc/apparmor.d/abstractions/libvirt-qemu does have some stuff for pulse, which suggests we should have:
owner /var/lib/libvirt/.pulse-cookie rwk, # as opposed to 'rw'
owner @{PROC}/[0-9]*/fd/ r,
owner @{PROC}/[0-9]*/fd/* r,
/usr/bin/pulseaudio PUx,
The problem is that if we add PUx on pulseaudio as well as matching in
@{PROC}, this is likely too much privilege, especially if user's are
running qemu as root. Until there is proper support in the upstream
security driver framework, users will need to adjust the AppArmor
policy.
That said, we could adjust the policy to have the above as comments,
with an appropriate warning.
--
insufficient apparmor rights for sound
https://bugs.launchpad.net/bugs/649259
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
More information about the Ubuntu-server-bugs
mailing list