Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12:Update
libvirt
b61fb8e8-apparmor-xen-fixup.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File b61fb8e8-apparmor-xen-fixup.patch of Package libvirt
commit b61fb8e8af13d98bb4eebbb1fddefebf93d7d4f1 Author: Mike Latimer <mlatimer@suse.com> Date: Mon Jan 19 18:25:40 2015 -0700 Fix apparmor issues for Xen In order for apparmor to work properly in Xen environments, the following access rights need to be allowed: - Allow CAP_SYS_PACCT, which is required when resetting some multi-port Broadcom cards by writting to the PCI config space - Allow CAP_IPC_LOCK, which is required to lock/unlock memory. Without this setting, an error 'Resource temporarily unavailable' can be seen while attempting to mmap memory. At the same time, the following apparmor message is seen: apparmor="DENIED" operation="capable" parent=1 profile="/usr/sbin/libvirtd" pid=2097 comm="libvirtd" pid=2097 comm="libvirtd" capability=14 capname="ipc_lock" - Allow access to distribution specific directories: /usr/{lib,lib64}/xen/bin Index: libvirt-1.2.5/examples/apparmor/usr.sbin.libvirtd =================================================================== --- libvirt-1.2.5.orig/examples/apparmor/usr.sbin.libvirtd +++ libvirt-1.2.5/examples/apparmor/usr.sbin.libvirtd @@ -13,6 +13,7 @@ capability sys_admin, capability sys_module, capability sys_ptrace, + capability sys_pacct, capability sys_nice, capability sys_chroot, capability setuid, @@ -24,6 +25,7 @@ capability mknod, capability fsetid, capability audit_write, + capability ipc_lock, # Needed for vfio capability sys_resource, @@ -45,6 +47,7 @@ /usr/sbin/* PUx, /lib/udev/scsi_id PUx, /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx, + /usr/{lib,lib64}/xen/bin/* Ux, # force the use of virt-aa-helper audit deny /sbin/apparmor_parser rwxl,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor