Comment 16 for bug 1546674

Christian Ehrhardt  (paelzer) wrote : Re: [Bug 1546674] Re: virt-aa-helper Apparmor profile missing rules for name resolution

>
> So while the /dev/zd0 denial was expected, the /proc/$pid/task/$pid/comm
> ones were not.

Oh, those were expected by me, I just would have hoped they are gone now -
see bug 1615550
But I see you found it already.

> To address those, I applied the patch attached.

Yeah, I didn't realize in my quick patch that it doesn't only read but
actually rewrites the comm for the debug threads feature.
I also like your owner and pid check - which makes it more secure while still
allowing the needed access.
I think I need an apparmor training :-)
Thanks for your help!

I updated the ppa and it should now also get rid of these apparmor messages
while keeping your hosts fix in place.
Please, if possible, retest with that one.

I also think once we have confirmed that both of these fixes help I'm gonna
submit them upstream.
They don't have to stay an Ubuntu delta forever.
Since you did most IMHO, please let me know if you want to do that.