NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

Apparmor: Allow reading /etc/ssl/openssl.cnf

Browse Source 
I noticed the following denial when running confined VMs with the QEMU
driver

type=AVC msg=audit(1623865089.263:865): apparmor="DENIED" operation="open" \
profile="virt-aa-helper" name="/etc/ssl/openssl.cnf" pid=12503 \
comm="virt-aa-helper" requested_mask="r" denied_mask="r" fsuid=0 ouid=0

Allow reading the file by including the openssl abstraction in the
virt-aa-helper profile.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
This commit is contained in:
Jim Fehlig 2021-06-16 15:25:33 -06:00
parent f552e68d9f
commit 64ae7635e6
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
View File

@ -2,6 +2,7 @@
profile virt-aa-helper @libexecdir@/virt-aa-helper { profile virt-aa-helper @libexecdir@/virt-aa-helper {
#include <abstractions/base> #include <abstractions/base>
#include <abstractions/openssl>
# needed for searching directories # needed for searching directories
capability dac_override, capability dac_override,