openkylin
/
libvirt
mirror of https://gitee.com/openkylin/libvirt.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

apparmor: Add openGraphicsFD rule for named profile 

Commit a3ab6d42 changed the libvirtd profile to a named profile
but neglected to accommodate the change in the qemu profile
ptrace and signal rules.
Later on 4ec3cf9a fixed that for ptrace and signal but openGraphicsFD
is still missing.

As a result, libvirtd is unable to open UI on libvirt >=5.1 e.g. with
virt-manager.

Add openGraphicsFD rule that references the libvirtd profile
by name in addition to full binary path.

Fixes: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1833040

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
This commit is contained in:
Christian Ehrhardt 2019-06-19 09:04:55 +02:00
parent 7c570f06bd
commit 18ffb1670e
No known key found for this signature in database
GPG Key ID: BA3E29338280B242
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/security/apparmor/libvirt-qemu
View File

@ -208,6 +208,7 @@
/sys/firmware/devicetree/** r,
# allow connect with openGraphicsFD to work
unix (send, receive) type=stream addr=none peer=(label=libvirtd),
unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd),
# for gathering information about available host resources