From nobody Mon May  6 14:21:14 2024
Delivered-To: importer@patchew.org
Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28
 as permitted sender) client-ip=209.132.183.28;
 envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com;
Authentication-Results: mx.zohomail.com;
	spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as
 permitted sender)  smtp.mailfrom=libvir-list-bounces@redhat.com
Return-Path: <libvir-list-bounces@redhat.com>
Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by
 mx.zohomail.com
	with SMTPS id 1516203839144991.0764953526874;
 Wed, 17 Jan 2018 07:43:59 -0800 (PST)
Received: from smtp.corp.redhat.com (int-mx01.intmail.prod.int.phx2.redhat.com
 [10.5.11.11])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 40543CD17D;
	Wed, 17 Jan 2018 15:43:46 +0000 (UTC)
Received: from colo-mx.corp.redhat.com
 (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 9D4C317C2A;
	Wed, 17 Jan 2018 15:43:41 +0000 (UTC)
Received: from lists01.pubmisc.prod.ext.phx2.redhat.com
 (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33])
	by colo-mx.corp.redhat.com (Postfix) with ESMTP id C4A69410B3;
	Wed, 17 Jan 2018 15:43:32 +0000 (UTC)
Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com
	[10.5.11.13])
	by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP
	id w0HFgOG7021169 for <libvir-list@listman.util.phx.redhat.com>;
	Wed, 17 Jan 2018 10:42:24 -0500
Received: by smtp.corp.redhat.com (Postfix)
	id 6463E60BE9; Wed, 17 Jan 2018 15:42:24 +0000 (UTC)
Received: from mx1.redhat.com (ext-mx05.extmail.prod.ext.phx2.redhat.com
	[10.5.110.29])
	by smtp.corp.redhat.com (Postfix) with ESMTPS id 5630985595
	for <libvir-list@redhat.com>; Wed, 17 Jan 2018 15:42:20 +0000 (UTC)
Received: from honk.sigxcpu.org (honk.sigxcpu.org [24.134.29.49])
	(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
	(No client certificate requested)
	by mx1.redhat.com (Postfix) with ESMTPS id 763A93DE3E
	for <libvir-list@redhat.com>; Wed, 17 Jan 2018 15:42:19 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
	by honk.sigxcpu.org (Postfix) with ESMTP id 92C5DFB04;
	Wed, 17 Jan 2018 16:34:02 +0100 (CET)
Received: from honk.sigxcpu.org ([127.0.0.1])
	by localhost (honk.sigxcpu.org [127.0.0.1]) (amavisd-new, port 10024)
	with ESMTP id Vg2uq56iykjf; Wed, 17 Jan 2018 16:34:01 +0100 (CET)
Received: by bogon.sigxcpu.org (Postfix, from userid 1000)
	id 9AFBA45E79; Wed, 17 Jan 2018 16:34:01 +0100 (CET)
X-Virus-Scanned: Debian amavisd-new at honk.sigxcpu.org
Date: Wed, 17 Jan 2018 16:34:01 +0100
From: Guido =?iso-8859-1?Q?G=FCnther?= <agx@sigxcpu.org>
To: libvir-list@redhat.com
Message-ID: <20180117153401.GA16629@bogon.m.sigxcpu.org>
Mail-Followup-To: Guido =?iso-8859-1?Q?G=FCnther?= <agx@sigxcpu.org>,
	libvir-list@redhat.com, intrigeri <intrigeri+libvirt@boum.org>,
	Christian Ehrhardt <christian.ehrhardt@canonical.com>
MIME-Version: 1.0
Content-Disposition: inline
User-Agent: Mutt/1.9.2 (2017-12-15)
X-Greylist: Delayed for 00:09:48 by milter-greylist-4.5.16 (mx1.redhat.com
	[10.5.110.29]); Wed, 17 Jan 2018 15:42:19 +0000 (UTC)
X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com
 [10.5.110.29]);
	Wed, 17 Jan 2018 15:42:19 +0000 (UTC) for IP:'24.134.29.49'
	DOMAIN:'honk.sigxcpu.org' HELO:'honk.sigxcpu.org'
	FROM:'agx@sigxcpu.org' RCPT:''
X-RedHat-Spam-Score: -0.01 (T_RP_MATCHES_RCVD) 24.134.29.49 honk.sigxcpu.org
	24.134.29.49 honk.sigxcpu.org <agx@sigxcpu.org>
X-Scanned-By: MIMEDefang 2.78 on 10.5.110.29
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13
X-loop: libvir-list@redhat.com
Cc: intrigeri <intrigeri+libvirt@boum.org>,
	Christian Ehrhardt <christian.ehrhardt@canonical.com>
Subject: [libvirt] [PATCH] apparmor: allow libvirt to send term signal to
	unconfined
X-BeenThere: libvir-list@redhat.com
X-Mailman-Version: 2.1.12
Precedence: junk
List-Id: Development discussions about the libvirt library & tools
	<libvir-list.redhat.com>
List-Unsubscribe: <https://www.redhat.com/mailman/options/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/libvir-list>
List-Post: <mailto:libvir-list@redhat.com>
List-Help: <mailto:libvir-list-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/libvir-list>,
	<mailto:libvir-list-request@redhat.com?subject=subscribe>
Content-Transfer-Encoding: quoted-printable
Sender: libvir-list-bounces@redhat.com
Errors-To: libvir-list-bounces@redhat.com
X-Scanned-By: MIMEDefang 2.79 on 10.5.11.11
X-Greylist: Sender IP whitelisted,
 not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.38]);
 Wed, 17 Jan 2018 15:43:58 +0000 (UTC)
X-ZohoMail: RSF_0  Z_629925259 SPT_0
Content-Type: text/plain; charset="utf-8"

Otherwise stopping domains with qemu://session fails like

[164012.338157] audit: type=3D1400 audit(1516202208.784:99): apparmor=3D"DE=
NIED" operation=3D"signal" profile=3D"/usr/sbin/libvirtd" pid=3D18835 comm=
=3D"libvirtd" requested_mask=3D"send" denied_mask=3D"send" signal=3Dterm pe=
er=3D"unconfined"
Reviewed-by: intrigeri@boum.org
---
 examples/apparmor/usr.sbin.libvirtd | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sb=
in.libvirtd
index 0ddec3f6e2..be4fabf905 100644
--- a/examples/apparmor/usr.sbin.libvirtd
+++ b/examples/apparmor/usr.sbin.libvirtd
@@ -63,7 +63,7 @@
=20
   signal (send) peer=3D/usr/sbin/dnsmasq,
   signal (read, send) peer=3Dlibvirt-*,
-  signal (send) set=3D("kill") peer=3Dunconfined,
+  signal (send) set=3D("kill", "term") peer=3Dunconfined,
=20
   # Very lenient profile for libvirtd since we want to first focus on conf=
ining
   # the guests. Guests will have a very restricted profile.
--=20
2.15.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list