Commit 4ec3cf9a, author: Jim Fehlig

apparmor: Add ptrace and signal rules for named profile

Commit a3ab6d42 changed the libvirtd profile to a named profile
but neglected to accommodate the change in the qemu profile
ptrace and signal rules. As a result, libvirtd is unable to
signal confined qemu processes and hence unable to shut down
or destroy VMs.

Add ptrace and signal rules that reference the libvirtd profile
by name in addition to full binary path.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Acked-by: Jamie Strandboge <jamie@canonical.com>
Parent 3fd1a159
......@@ -16,8 +16,10 @@
network inet stream,
network inet6 stream,
ptrace (readby, tracedby) peer=libvirtd,
ptrace (readby, tracedby) peer=/usr/sbin/libvirtd,
signal (receive) peer=libvirtd,
signal (receive) peer=/usr/sbin/libvirtd,
/dev/net/tun rw,
......
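Review bot: the duplicated peers in the `ptrace (readby, tracedby)` and `signal (receive)` pairs carry no comment explaining why both `peer=libvirtd` and `peer=/usr/sbin/libvirtd` are needed, so a later cleanup could drop one form and bring back the failure described in the commit message. Suggest a one-line comment above the ptrace pair stating that `peer=libvirtd` matches the named libvirtd profile and `peer=/usr/sbin/libvirtd` matches the profile when it is referenced by full binary path. The comment should also say that the name must stay in sync with the profile name declared in the libvirtd profile, since a future rename there would silently stop these rules from matching.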