]> git.ipfire.org Git - thirdparty/libvirt.git/commit
projects / thirdparty / libvirt.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 55aaa1b) | patch
apparmor: Permit new capabilities required by libvirtd
authorJim Fehlig <jfehlig@suse.com>
Mon, 7 Jun 2021 22:21:28 +0000 (16:21 -0600)
committerJim Fehlig <jfehlig@suse.com>
Tue, 8 Jun 2021 17:13:00 +0000 (11:13 -0600)
commit4f2811eb816ed1da215b86778dfcf483917666a1
tree071df4323198802b173790eef10a590bdd54b91etree | snapshot
parent55aaa1b037df0a6e5815e27c9be1afcb74781cf3commit | diff
apparmor: Permit new capabilities required by libvirtd

The audit log contains the following denials from libvirtd

apparmor="DENIED" operation="capable" profile="libvirtd" pid=6012 comm="daemon-init" capability=17  capname="sys_rawio"
apparmor="DENIED" operation="capable" profile="libvirtd" pid=6012 comm="rpc-worker" capability=39  capname="bpf"
apparmor="DENIED" operation="capable" profile="libvirtd" pid=6012 comm="rpc-worker" capability=38  capname="perfmon"

Squelch the denials and allow the capabilities in the libvirtd
apparmor profile.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Neal Gompa <ngompa13@gmail.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
src/security/apparmor/usr.sbin.libvirtd.in diff | blob | blame | history
Mirror of https://github.com/libvirt/libvirt.git