git.ipfire.org Git - thirdparty/libvirt.git/commit
apparmor: Allow umount(/dev)
author Andrea Bolognani <abologna@redhat.com>
Wed, 18 Jan 2023 09:28:04 +0000 (10:28 +0100)
committer Andrea Bolognani <abologna@redhat.com>
Wed, 18 Jan 2023 17:02:03 +0000 (18:02 +0100)
commit ef4829510549ec68cf80774e98b200a3e7bbe51f
tree 2f4f5834921b37719b388d76c621242390cf83a9
parent 9cd70fb25cad171e415fb05a4e01f244304c602e
apparmor: Allow umount(/dev)

Commit 379c0ce4bfed introduced a call to umount(/dev) performed
inside the namespace that we run QEMU in.

As a result of this, on machines using AppArmor, VM startup now
fails with

  internal error: Process exited prior to exec: libvirt:
  QEMU Driver error: failed to umount devfs on /dev: Permission denied

The corresponding denial is

  AVC apparmor="DENIED" operation="umount" profile="libvirtd"
      name="/dev/" pid=70036 comm="rpc-libvirtd"

Extend the AppArmor configuration for virtqemud and libvirtd so
that this operation is allowed.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>

src/security/apparmor/usr.sbin.libvirtd.in
src/security/apparmor/usr.sbin.virtqemud.in
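
A triage sketch for the denial quoted in the commit message, added here as an example and not taken from the libvirt commit: it parses AppArmor audit records, keeps denied umount operations, and prints one exact-path `umount` rule per profile for review. The function names and sample lines are constructed (the first sample joins the denial above onto one line), and the emitted rule text is derived from the log, not copied from the commit's diff.

```python
import re

# key=value or key="quoted value" pairs, as AppArmor audit records carry them
_PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Constructed sample input. Line 1 is the denial from the commit message
# joined onto one line; lines 2 and 3 are made up for the example.
SAMPLE = [
    'AVC apparmor="DENIED" operation="umount" profile="libvirtd" '
    'name="/dev/" pid=70036 comm="rpc-libvirtd"',
    'AVC apparmor="DENIED" operation="umount" profile="libvirtd" '
    'name="/dev/" pid=70041 comm="rpc-libvirtd"',
    'AVC apparmor="ALLOWED" operation="open" profile="libvirtd" '
    'name="/etc/hosts" pid=70041 comm="rpc-libvirtd"',
]


def parse_record(line):
    """Return the fields of one audit record as a dict, quotes stripped."""
    fields = {}
    for key, value in _PAIR.findall(line):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        fields[key] = value
    return fields


def denied_umounts(lines):
    """Unique (profile, mountpoint) pairs for denied umount operations."""
    seen = []
    for fields in map(parse_record, lines):
        pair = (fields.get("profile"), fields.get("name"))
        if (fields.get("apparmor") == "DENIED"
                and fields.get("operation") == "umount"
                and None not in pair and pair not in seen):
            seen.append(pair)
    return seen


def candidate_rule(mountpoint):
    """Exact-path umount rule; refuse text that could widen the rule."""
    if not re.fullmatch(r"/[A-Za-z0-9._/-]*", mountpoint):
        raise ValueError(f"refusing unexpected mountpoint: {mountpoint!r}")
    return f"umount {mountpoint},"


if __name__ == "__main__":
    for profile, mountpoint in denied_umounts(SAMPLE):
        print(f"profile {profile}: {candidate_rule(mountpoint)}")
```

The path check rejects glob and brace characters so that log-supplied text cannot turn an exact-path rule into a pattern.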