intrigeri wrote (24 Aug 2015 09:12:33 GMT) :
> Once the Git repo is up-to-date, I'll send an updated debdiff to the
> release team.
Done.
Hi,
On Mon, Aug 24, 2015 at 11:12:33AM +0200, intrigeri wrote:
> Hi,
>
> Guido Günther wrote (21 Aug 2015 13:33:50 GMT) :
> > On Fri, Aug 21, 2015 at 11:12:33AM +0200, intrigeri wrote:
> >> The path I would prefer is: submit an updated debdiff that does not
> >> contain these bonus "deny" rules. I
Hi,
Guido Günther wrote (21 Aug 2015 13:33:50 GMT) :
> On Fri, Aug 21, 2015 at 11:12:33AM +0200, intrigeri wrote:
>> The path I would prefer is: submit an updated debdiff that does not
>> contain these bonus "deny" rules. I could prepare it if we agree on
>> that, assuming the current state of thi
Hi,
On Fri, Aug 21, 2015 at 11:12:33AM +0200, intrigeri wrote:
> Hi,
>
> Guido Günther wrote (21 Aug 2015 08:37:53 GMT) :
> > On Fri, Aug 21, 2015 at 09:08:46AM +0200, intrigeri wrote:
> >> Felix Geyer wrote (20 Aug 2015 09:18:59 GMT) :
> >> > The deny rules aren't strictly necessary but they sile
Hi,
Guido Günther wrote (21 Aug 2015 08:37:53 GMT) :
> On Fri, Aug 21, 2015 at 09:08:46AM +0200, intrigeri wrote:
>> Felix Geyer wrote (20 Aug 2015 09:18:59 GMT) :
>> > The deny rules aren't strictly necessary but they silence those (harmless)
>> > denials.
>>
>> Thanks for the clarification. I
Hi,
On Fri, Aug 21, 2015 at 09:08:46AM +0200, intrigeri wrote:
> Felix Geyer wrote (20 Aug 2015 09:18:59 GMT) :
> > The deny rules aren't strictly necessary but they silence those (harmless)
> > denials.
>
> Thanks for the clarification. I don't think that silencing harmless denials
> qualifies f
Felix Geyer wrote (20 Aug 2015 09:18:59 GMT) :
> The deny rules aren't strictly necessary but they silence those (harmless)
> denials.
Thanks for the clarification. I don't think that silencing harmless denials
qualifies for a stable pu.
> I'm not quite sure why virt-aa-helper opens the devices
On 20.08.2015 09:54, intrigeri wrote:
> Guido Günther wrote (19 Aug 2015 16:56:46 GMT) :
>>># for hostdev
>>>/sys/devices/ r,
>>>/sys/devices/** r,
>>> + deny /dev/sd* r,
>>> + deny /dev/vd* r,
>>> + deny /dev/dm-* r,
>>> + deny /dev/mapper/ r,
>>> + deny /dev/mapper/* r,
>> ...wha
Guido Günther wrote (19 Aug 2015 16:56:46 GMT) :
>># for hostdev
>>/sys/devices/ r,
>>/sys/devices/** r,
>> + deny /dev/sd* r,
>> + deny /dev/vd* r,
>> + deny /dev/dm-* r,
>> + deny /dev/mapper/ r,
>> + deny /dev/mapper/* r,
> ...what is this for? We don't have this hunk upstream
Hi,
The release team (righfully asked)
On Fri, Jun 12, 2015 at 10:17:49PM +0200, Felix Geyer wrote:
[..snip..]
> --- libvirt-1.2.16.orig/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> +++ libvirt-1.2.16/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> @@ -16,9 +16,16 @@ profile virt-aa-help
Hi,
On Tue, Aug 11, 2015 at 09:04:35PM +0200, intrigeri wrote:
> Hi,
>
> Guido Günther wrote (13 Jun 2015 11:09:36 GMT) :
> > Thanks. In case anybody wants to test this:
>
> > http://honk.sigxcpu.org/projects/libvirt/snapshots/
>
> I've applied these changes to usr.lib.libvirt.virt-aa-helper
Hi,
Guido Günther wrote (13 Jun 2015 11:09:36 GMT) :
> Thanks. In case anybody wants to test this:
> http://honk.sigxcpu.org/projects/libvirt/snapshots/
I've applied these changes to usr.lib.libvirt.virt-aa-helper locally
("current" sid modulo gcc-5 transition), reloaded that profile,
restar
On Fri, Jun 12, 2015 at 10:17:49PM +0200, Felix Geyer wrote:
> Hi,
>
> On Sun, 24 May 2015 16:51:27 + Luke Faraone wrote:
> > On Sun, 2015-05-24 at 09:43 +0200, Guido Günther wrote:
> > > Hi,
> > > thanks for the patch.
> > > On Sun, May 24, 2015 at 12:14:48AM +, Luke Faraone wrote:
> >
Hi,
On Sun, 24 May 2015 16:51:27 + Luke Faraone wrote:
> On Sun, 2015-05-24 at 09:43 +0200, Guido Günther wrote:
> > Hi,
> > thanks for the patch.
> > On Sun, May 24, 2015 at 12:14:48AM +, Luke Faraone wrote:
> > [..snip..]
> > > --- usr.lib.libvirt.virt-aa-helper2015-05-23 23:43
On Sun, 2015-05-24 at 09:43 +0200, Guido Günther wrote:
> Hi,
> thanks for the patch.
> On Sun, May 24, 2015 at 12:14:48AM +, Luke Faraone wrote:
> [..snip..]
> > --- usr.lib.libvirt.virt-aa-helper 2015-05-23 23:43:44.751750819 +
> > +++ /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper 2015
Hi,
thanks for the patch.
On Sun, May 24, 2015 at 12:14:48AM +, Luke Faraone wrote:
[..snip..]
> --- usr.lib.libvirt.virt-aa-helper2015-05-23 23:43:44.751750819 +
> +++ /etc/apparmor.d/usr.lib.libvirt.virt-aa-helper2015-05-24
> 00:03:13.039766331 +
> @@ -1,7 +1,7 @@
> # Last M
Package: libvirt-daemon-system
Version: 1.2.9-9
Severity: normal
File: /etc/apparmor.d/libvirt/TEMPLATE.qemu
Tags: patch
On attempting to create a new virtual machine with KVM:
May 23 23:26:39 aqua kernel: [ 318.993668] audit: type=1400
audit(1432423599.343:63): apparmor="DENIED" operation="open
17 matches
Mail list logo
