[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [PATCH 2/2] apparmor: allow unmounting .dev entries



On Fri, Aug 07, 2020 at 12:21:20PM +0200, Christian Ehrhardt wrote:
> With qemu 5.0 and libvirt 6.6 there are new apparmor denials:
>   apparmor="DENIED" operation="umount" profile="libvirtd"
>   name="/run/libvirt/qemu/1-kvmguest-groovy-norm.dev/" comm="rpc-worker"
> 
> These are related to new issues around devmapper handling [1] and the
> error path triggered by these issues now causes this new denial.
> 
> There are already related rules for mounting and it seems right to
> allow also the related umount.
> 
> [1]: https://www.redhat.com/archives/libvir-list/2020-August/msg00236.html
> 
> Signed-off-by: Christian Ehrhardt <christian ehrhardt canonical com>
> ---
>  src/security/apparmor/usr.sbin.libvirtd.in | 1 +
>  1 file changed, 1 insertion(+)

Reviewed-by: Daniel P. Berrangé <berrange redhat com>


Regards,
Daniel
-- 
|: https://berrange.com      -o-    https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org         -o-            https://fstop138.berrange.com :|
|: https://entangle-photo.org    -o-    https://www.instagram.com/dberrange :|


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]