- 20 4月, 2015 1 次提交
-
-
由 Cédric Bosdonnat 提交于
-
- 09 4月, 2015 1 次提交
-
-
由 Cédric Bosdonnat 提交于
SLES 11 has legacy qemu-kvm package, /usr/bin/qemu-kvm and /usr/share/qemu-kvm need to be accessed to domains.
-
- 05 1月, 2015 1 次提交
-
-
由 Cedric Bosdonnat 提交于
The apparmor profiles forgot about /usr/lib64 folders, just add lib64 as a possible alternative to lib in the paths
-
- 04 9月, 2014 1 次提交
-
-
由 Felix Geyer 提交于
libcap-ng >= 0.7.4 fails when it can't read /sys/kernel/cap_last_cap and thus running a qemu guest fails. Allow reading cap_last_cap in the libvirt-qemu apparmor abstraction. Signed-off-by: NMichal Privoznik <mprivozn@redhat.com>
-
- 27 3月, 2014 1 次提交
-
-
由 Cédric Bosdonnat 提交于
See lp#1276719 for the bug description. As virt-aa-helper doesn't know the VFIO groups to use for the guest, allow access to all /dev/vfio/[0-9]* and /dev/vfio/vfio files if there is a potential need for vfio Signed-off-by: NEric Blake <eblake@redhat.com>
-
- 08 2月, 2014 1 次提交
-
-
由 Felix Geyer 提交于
Tested on Debian unstable. The profile updates are partly taken from the Ubuntu trusty libvirt package. Signed-off-by: NGuido Günther <agx@sigxcpu.org>
-
- 06 8月, 2012 1 次提交
-
-
由 Richa Marwaha 提交于
This patch provides AppArmor policy updates for the QEMU bridge helper. The QEMU bridge helper is a SUID executable exec'd by QEMU that drops capabilities to CAP_NET_ADMIN and adds a tap device to a network bridge. Signed-off-by: NRicha Marwaha <rmarwah@linux.vnet.ibm.com> Signed-off-by: Corey Bryant<coreyb@linux.vnet.ibm.com>
-
- 15 7月, 2011 1 次提交
-
-
由 Jamie Strandboge 提交于
In the Ubuntu development release we recently got a new udev that moves /var/run to /run, /var/lock to /run/lock and /dev/shm to /run/shm. This change in udev requires updating the apparmor security driver in libvirt[1]. Attached is a patch that: * adjusts src/security/virt-aa-helper.c to allow both LOCALSTATEDIR/run/libvirt/**/%s.pid and /run/libvirt/**/%s.pid. While the profile is not as precise, LOCALSTATEDIR/run/ is typically a symlink to /run/ anyway, so there is no additional access (remember that apparmor resolves symlinks, which is why this is still required even if /var/run points to /run). * adjusts example/apparmor/libvirt-qemu paths for /dev/shm [1]https://launchpad.net/bugs/810270 -- Jamie Strandboge | http://www.canonical.com
-
- 08 7月, 2011 1 次提交
-
-
由 John Williams 提交于
Add libvirt support for MicroBlaze architecture as a QEMU target. Based on mips/mipsel pattern. Signed-off-by: NJohn Williams <john.williams@petalogix.com>
-
- 07 4月, 2010 1 次提交
-
-
由 Jamie Strandboge 提交于
* examples/apparmor/libvirt-qemu examples/apparmor/usr.sbin.libvirtd examples/apparmor/usr.lib.libvirt.virt-aa-helper: Update the examples
-
- 13 11月, 2009 1 次提交
-
-
由 Jamie Strandboge 提交于
* examples/apparmor/libvirt-qemu: adds pulseaudio, alsa and preliminary save/restore to the example apparmor abstraction * examples/apparmor/usr.sbin.libvirtd: allows libvirtd access to inet dgram, inet6 dgram, inet6 stream and /usr/lib/libvirt/*
-
- 08 10月, 2009 1 次提交
-
-
由 Jamie Strandboge 提交于
* docs/drvqemu.html.in: include documentation for AppArmor sVirt confinement * examples/apparmor/TEMPLATE examples/apparmor/libvirt-qemu examples/apparmor/usr.lib.libvirt.virt-aa-helper examples/apparmor/usr.sbin.libvirtd: example templates and configuration files for SVirt Apparmor when using KVM/QEmu
-