[libvirt PATCH 0/1] apparmor: Allow umount(/dev)

Andrea Bolognani posted 1 patch 1 year, 3 months ago
Patches applied successfully
git fetch https://github.com/patchew-project/libvirt tags/patchew/20230118094318.114075-1-abologna@redhat.com
src/security/apparmor/usr.sbin.libvirtd.in  | 1 +
src/security/apparmor/usr.sbin.virtqemud.in | 1 +
2 files changed, 2 insertions(+)
[libvirt PATCH 0/1] apparmor: Allow umount(/dev)
Posted by Andrea Bolognani 1 year, 3 months ago
CC'ing AppArmor experts to get their input :)

This is a fairly big hammer, but unfortunately I don't think it's
possible to tell AppArmor "let the driver use umount, but only if
it's running inside a namespace".

Andrea Bolognani (1):
  apparmor: Allow umount(/dev)

 src/security/apparmor/usr.sbin.libvirtd.in  | 1 +
 src/security/apparmor/usr.sbin.virtqemud.in | 1 +
 2 files changed, 2 insertions(+)

-- 
2.39.0
Re: [libvirt PATCH 0/1] apparmor: Allow umount(/dev)
Posted by Jim Fehlig 1 year, 3 months ago
On 1/18/23 02:43, Andrea Bolognani wrote:
> CC'ing AppArmor experts to get their input :)
> 
> This is a fairly big hammer, but unfortunately I don't think it's
> possible to tell AppArmor "let the driver use umount, but only if
> it's running inside a namespace".
> 
> Andrea Bolognani (1):
>    apparmor: Allow umount(/dev)
> 
>   src/security/apparmor/usr.sbin.libvirtd.in  | 1 +
>   src/security/apparmor/usr.sbin.virtqemud.in | 1 +
>   2 files changed, 2 insertions(+)

Reviewed-by: Jim Fehlig <jfehlig@suse.com>

Regards,
Jim