Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Step:FrontRunner
libvirt.11701
8741b943-apparmor-ptrace-rules.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 8741b943-apparmor-ptrace-rules.patch of Package libvirt.11701
commit 8741b9435108b1f0d87670e44e1ed75f806b7791 Author: Christian Ehrhardt <christian.ehrhardt@canonical.com> Date: Fri Aug 24 08:07:39 2018 +0200 apparmor: fix ptrace rules with kernel 4.18 Due to kernel upstream change 338d0be4 ("apparmor: fix ptrace read check") libvirt now hits apparmor denies like: apparmor="DENIED" operation="ptrace" profile="/usr/sbin/libvirtd" pid=4409 comm="libvirtd" requested_mask="read" denied_mask="read" peer="libvirt-14e92a75-7668-4b97-8f92-322fc1b9c78a" Extend the ptrace rule to also allow 'ptrace (read)' for libvirtd to work with these newer kernels. Fixes: https://bugs.launchpad.net/bugs/1788603 Reported-by: Thadeu Lima de Souza Cascardo <thadeu.cascardo@canonical.com> Reviewed-by: Erik Skultety <eskultet@redhat.com> Acked-by: Jamie Strandboge <jamie@canonical.com> Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> Index: libvirt-4.0.0/examples/apparmor/usr.sbin.libvirtd =================================================================== --- libvirt-4.0.0.orig/examples/apparmor/usr.sbin.libvirtd +++ libvirt-4.0.0/examples/apparmor/usr.sbin.libvirtd @@ -56,10 +56,10 @@ # for --p2p migrations unix (send, receive) type=stream addr=none peer=(label=unconfined addr=none), - ptrace (trace) peer=unconfined, - ptrace (trace) peer=/usr/sbin/libvirtd, - ptrace (trace) peer=/usr/sbin/dnsmasq, - ptrace (trace) peer=libvirt-*, + ptrace (read,trace) peer=unconfined, + ptrace (read,trace) peer=/usr/sbin/libvirtd, + ptrace (read,trace) peer=/usr/sbin/dnsmasq, + ptrace (read,trace) peer=libvirt-*, signal (send) peer=/usr/sbin/dnsmasq, signal (read, send) peer=libvirt-*,
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor