git.ipfire.org Git - thirdparty/libvirt.git/commit
apparmor: allow qemu abstraction to read /proc/pid/cmdline
author Jim Fehlig <jfehlig@suse.com>
Thu, 30 Nov 2017 17:32:30 +0000 (10:32 -0700)
committer Jim Fehlig <jfehlig@suse.com>
Mon, 4 Dec 2017 14:00:14 +0000 (07:00 -0700)
commit 0af5ced4b81b68be7016d1f8755db3d0c3249278
tree 6360a1981e23e6f26229362a13d1e00c94ee7c77
parent 684c0f181110dc0123e8cdc50ee855a1a0c4e41d
apparmor: allow qemu abstraction to read /proc/pid/cmdline

Noticed the following denial in audit.log when shutting down
an apparmor confined domain

type=AVC msg=audit(1512002299.742:131): apparmor="DENIED"
operation="open" profile="libvirt-66154842-e926-4f92-92f0-1c1bf61dd1ff"
name="/proc/1475/cmdline" pid=2958 comm="qemu-system-x86"
requested_mask="r" denied_mask="r" fsuid=469 ouid=0

Squelch the denial by allowing read access to /proc/<pid>/cmdline.
examples/apparmor/libvirt-qemu
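
An added example (not part of this commit or of libvirt's code) that parses the denial quoted in the commit message and derives a candidate profile rule from it. The function names and the `@{PROC}/[0-9]*/` generalisation are assumptions made here; the page does not show the rule the commit actually added.

```python
import re

# Audit record quoted in the commit message, joined onto one line as in audit.log.
SAMPLE = (
    'type=AVC msg=audit(1512002299.742:131): apparmor="DENIED" '
    'operation="open" profile="libvirt-66154842-e926-4f92-92f0-1c1bf61dd1ff" '
    'name="/proc/1475/cmdline" pid=2958 comm="qemu-system-x86" '
    'requested_mask="r" denied_mask="r" fsuid=469 ouid=0'
)

FIELD = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')
HEX = re.compile(r'(?:[0-9A-Fa-f]{2})+')


def parse_denial(line):
    """Return the record's fields, or None if it is not an AppArmor denial."""
    fields = {}
    for match in FIELD.finditer(line):
        key, quoted, bare = match.groups()
        value = quoted if quoted is not None else bare
        # The audit subsystem hex-encodes names containing unsafe characters
        # and writes them without quotes; decode those back to a path.
        if key == "name" and quoted is None and HEX.fullmatch(bare):
            value = bytes.fromhex(bare).decode("utf-8", "replace")
        fields[key] = value
    if fields.get("type") != "AVC" or fields.get("apparmor") != "DENIED":
        return None
    return fields


def reads_other_process(fields):
    """True when the denied /proc/<pid>/ path belongs to a different PID."""
    target = re.match(r'/proc/(\d+)/', fields["name"])
    return bool(target) and target.group(1) != fields["pid"]


def candidate_rule(fields):
    """Build a rule for the denied access (assumed form, not the commit's)."""
    path = re.sub(r'^/proc/\d+/', '@{PROC}/[0-9]*/', fields["name"])
    # An "owner" rule only matches when fsuid equals the file's owner uid.
    owner = "owner " if fields.get("fsuid") == fields.get("ouid") else ""
    # denied_mask is used as-is, which is valid for a plain "r" as here.
    return f"{owner}{path} {fields['denied_mask']},"


if __name__ == "__main__":
    record = parse_denial(SAMPLE)
    print(record["profile"], candidate_rule(record))
```

For the record above, the target PID (1475) differs from the requesting PID (2958) and fsuid differs from ouid, so the rule comes out without an `owner` prefix.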