[Bug 801569] [NEW] apparmor security driver broken in 0.9.2

Jamie Strandboge jamie at ubuntu.com
Fri Jun 24 13:37:24 UTC 2011


Public bug reported:

Commit 12317957ecd6c37a2fb16275dcdeeacfe25c517 introduced an
incompatible architectural change for the AppArmor security driver.
Specifically, virSecurityManagerSetAllLabel() is now called much later
in src/qemu/qemu_process.c:qemuProcessStart(). Previously, SetAllLabel()
was called immediately after GenLabel() such that after the dynamic
label (profile name) was generated, SetAllLabel() would be called to
create and load the AppArmor profile into the kernel before
qemuProcessHook() was executed. With
12317957ecd6c37a2fb16275dcdeeacfe25c517, qemuProcessHook() is now called
before SetAllLabel(), such that aa_change_profile() ends up being called
before the AppArmor profile is loaded into the kernel (via
ProcessLabel() in qemuProcessHook()).

While 0.9.2 is not in Ubuntu yet, this functionality must be fixed if we
are to have new libvirt releases in Ubuntu.

** Affects: libvirt (Ubuntu)
     Importance: Critical
     Assignee: Jamie Strandboge (jdstrand)
         Status: In Progress

** Affects: libvirt (Ubuntu Oneiric)
     Importance: Critical
     Assignee: Jamie Strandboge (jdstrand)
         Status: In Progress

** Also affects: libvirt (Ubuntu Oneiric)
   Importance: Undecided
       Status: New

** Changed in: libvirt (Ubuntu Oneiric)
   Importance: Undecided => Critical

** Changed in: libvirt (Ubuntu Oneiric)
       Status: New => In Progress

** Changed in: libvirt (Ubuntu Oneiric)
    Milestone: None => oneiric-alpha-2

** Changed in: libvirt (Ubuntu Oneiric)
     Assignee: (unassigned) => Jamie Strandboge (jdstrand)

-- 
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in Ubuntu.
https://bugs.launchpad.net/bugs/801569
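
The ordering problem described in the report, as an added example that is not part of the original message and is not libvirt code: a small user-space model in which a profile transition succeeds only if the profile has already been loaded. All `model_*` and `start_*` names and the sample profile name are hypothetical, and the `ENOENT` result for an unloaded profile is a modelling assumption.

```c
#include <errno.h>
#include <stdio.h>
#include <string.h>

#define MAX_PROFILES 8

/* Stand-in for the kernel's set of loaded AppArmor profiles (model only). */
struct kernel_model {
    char loaded[MAX_PROFILES][64];
    int count;
};

/* Models SetAllLabel() as the report describes it for AppArmor:
 * create the profile and load it into the kernel. */
static void model_set_all_label(struct kernel_model *k, const char *profile)
{
    if (k->count < MAX_PROFILES)
        snprintf(k->loaded[k->count++], sizeof(k->loaded[0]), "%s", profile);
}

/* Models aa_change_profile(): only a loaded profile can be entered.
 * Assumption: an unknown profile is reported as -ENOENT. */
static int model_change_profile(const struct kernel_model *k, const char *profile)
{
    for (int i = 0; i < k->count; i++)
        if (strcmp(k->loaded[i], profile) == 0)
            return 0;
    return -ENOENT;
}

/* Ordering before the commit: GenLabel -> SetAllLabel -> qemuProcessHook. */
int start_old_order(const char *profile)
{
    struct kernel_model k = {0};
    model_set_all_label(&k, profile);            /* profile loaded first   */
    return model_change_profile(&k, profile);    /* hook: transition works */
}

/* Ordering after the commit: GenLabel -> qemuProcessHook -> SetAllLabel. */
int start_new_order(const char *profile)
{
    struct kernel_model k = {0};
    int rc = model_change_profile(&k, profile);  /* hook runs too early    */
    model_set_all_label(&k, profile);            /* loaded only afterwards */
    return rc;                                   /* hook's failure is kept */
}
```
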
