[libvirt] [PATCH] fix AppArmor security driver when libvirt is compiled with libcap-ng

Jamie Strandboge jamie at canonical.com
Mon Feb 8 17:05:50 UTC 2010


The calls to virExec() in security_apparmor.c when invoking
virt-aa-helper use VIR_EXEC_CLEAR_CAPS. When compiled without libcap-ng,
this is not a problem (it's effectively a no-op) but with libcap-ng this
causes MAC_ADMIN to be cleared. MAC_ADMIN is needed by virt-aa-helper to
manipulate AppArmor profiles and without it VMs will not start [1]. This
patch calls virExec with the default VIR_EXEC_NONE instead.

[1] https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/517714

-- 
Jamie Strandboge             | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 9013-apparmor-dont-clear-caps.patch
Type: text/x-patch
Size: 1604 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20100208/5b31d430/attachment-0001.bin>