AppArmor: allow QEMU to set_process_name.

https://bugzilla.redhat.com/show_bug.cgi?id=1369281

Acked-by: Christian Ehrhardt <christian.ehrhardt@canonical.co>
This commit is contained in:
intrigeri 2016-12-12 10:59:32 +00:00 committed by Daniel P. Berrange
parent de79efdeb8
commit a73e7037e5
1 changed files with 3 additions and 0 deletions

View File

@ -21,6 +21,9 @@
/dev/ptmx rw,
/dev/kqemu rw,
@{PROC}/*/status r,
# Per man(5) proc, the kernel enforces that a thread may
# only modify its comm value or those in its thread group.
owner @{PROC}/@{pid}/task/@{tid}/comm rw,
@{PROC}/sys/kernel/cap_last_cap r,
# For hostdev access. The actual devices will be added dynamically