openkylin
/
libvirt
mirror of https://gitee.com/openkylin/libvirt.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

Grant access to helpers 

Apparmor must not prevent access to required helper programs. The following
helpers should be allowed to run in unconfined execution mode:

 - libvirt_parthelper
 - libvirt_iohelper
This commit is contained in:
Mike Latimer 2015-01-19 18:25:41 -07:00 committed by Cédric Bosdonnat
parent c0273cd6f2
commit 338b07afa9
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
examples/apparmor/usr.sbin.libvirtd
View File

@ -58,6 +58,8 @@
audit deny /sys/kernel/security/apparmor/.* rwxl,
/sys/kernel/security/apparmor/profiles r,
/usr/{lib,lib64}/libvirt/* PUxr,
/usr/{lib,lib64}/libvirt/libvirt_parthelper ix,
/usr/{lib,lib64}/libvirt/libvirt_iohelper ix,
/etc/libvirt/hooks/** rmix,
/etc/xen/scripts/** rmix,