[PATCH V3 0/2] Apparmor: Add profiles for hypervisor daemons

Jim Fehlig posted 2 patches 2 years, 10 months ago
Test syntax-check failed
Patches applied successfully
git fetch https://github.com/patchew-project/libvirt tags/patchew/20210624204859.4009-1-jfehlig@suse.com
[PATCH V3 0/2] Apparmor: Add profiles for hypervisor daemons
Posted by Jim Fehlig 2 years, 10 months ago
V2: https://listman.redhat.com/archives/libvir-list/2021-June/msg00676.html
V1: https://listman.redhat.com/archives/libvir-list/2021-June/msg00456.html

Changes since V2:
Patches 3 and 4 ACKed and pushed since they are bug fixes independent of
modular vs monolithic daemons.

The qemu_bridge_helper subprofile in patch 1 was adjusted for
communication with virtqemud instead of libvirtd.

After snooping through git history, I found a few capabilities explicitly
added for xen that have been added back to the virtxend profile.

Note: The profile for virtlxcd will have to wait until the following
issue is fixed

https://gitlab.com/libvirt/libvirt/-/issues/181

Jim Fehlig (2):
  Apparmor: Add profile for virtqemud
  Apparmor: Add profile for virtxend

 src/security/apparmor/libvirt-qemu          |   3 +
 src/security/apparmor/meson.build           |   2 +
 src/security/apparmor/usr.sbin.virtqemud.in | 134 ++++++++++++++++++++
 src/security/apparmor/usr.sbin.virtxend.in  |  55 ++++++++
 4 files changed, 194 insertions(+)
 create mode 100644 src/security/apparmor/usr.sbin.virtqemud.in
 create mode 100644 src/security/apparmor/usr.sbin.virtxend.in

-- 
2.31.1


Re: [PATCH V3 0/2] Apparmor: Add profiles for hypervisor daemons
Posted by Jim Fehlig 2 years, 9 months ago
Hi All,

Is it fine to push these patches now that the release is out? Christian E. has 
ACKed 1/2 and Christian B. has 'LGTM' both. Anyone brave enough to ACK 2/2, or 
have further comments? I'd like to get these in since modular daemons are now 
prime-time.

Regards,
Jim

On 6/24/21 2:48 PM, Jim Fehlig wrote:
> V2: https://listman.redhat.com/archives/libvir-list/2021-June/msg00676.html
> V1: https://listman.redhat.com/archives/libvir-list/2021-June/msg00456.html
> 
> Changes since V2:
> Patches 3 and 4 ACKed and pushed since they are bug fixes independent of
> modular vs monolithic daemons.
> 
> The qemu_bridge_helper subprofile in patch 1 was adjusted for
> communication with virtqemud instead of libvirtd.
> 
> After snooping through git history, I found a few capabilities explicitly
> added for xen that have been added back to the virtxend profile.
> 
> Note: The profile for virtlxcd will have to wait until the following
> issue is fixed
> 
> https://gitlab.com/libvirt/libvirt/-/issues/181
> 
> Jim Fehlig (2):
>    Apparmor: Add profile for virtqemud
>    Apparmor: Add profile for virtxend
> 
>   src/security/apparmor/libvirt-qemu          |   3 +
>   src/security/apparmor/meson.build           |   2 +
>   src/security/apparmor/usr.sbin.virtqemud.in | 134 ++++++++++++++++++++
>   src/security/apparmor/usr.sbin.virtxend.in  |  55 ++++++++
>   4 files changed, 194 insertions(+)
>   create mode 100644 src/security/apparmor/usr.sbin.virtqemud.in
>   create mode 100644 src/security/apparmor/usr.sbin.virtxend.in
> 

Re: [PATCH V3 0/2] Apparmor: Add profiles for hypervisor daemons
Posted by Michal Prívozník 2 years, 9 months ago
On 7/6/21 4:37 PM, Jim Fehlig wrote:
> Hi All,
> 
> Is it fine to push these patches now that the release is out? Christian
> E. has ACKed 1/2 and Christian B. has 'LGTM' both. Anyone brave enough
> to ACK 2/2, or have further comments? I'd like to get these in since
> modular daemons are now prime-time.

Yes, it is fine to push these.

Michal

Re: [PATCH V3 0/2] Apparmor: Add profiles for hypervisor daemons
Posted by Neal Gompa 2 years, 9 months ago
On Thu, Jun 24, 2021 at 4:49 PM Jim Fehlig <jfehlig@suse.com> wrote:
>
> V2: https://listman.redhat.com/archives/libvir-list/2021-June/msg00676.html
> V1: https://listman.redhat.com/archives/libvir-list/2021-June/msg00456.html
>
> Changes since V2:
> Patches 3 and 4 ACKed and pushed since they are bug fixes independent of
> modular vs monolithic daemons.
>
> The qemu_bridge_helper subprofile in patch 1 was adjusted for
> communication with virtqemud instead of libvirtd.
>
> After snooping through git history, I found a few capabilities explicitly
> added for xen that have been added back to the virtxend profile.
>
> Note: The profile for virtlxcd will have to wait until the following
> issue is fixed
>
> https://gitlab.com/libvirt/libvirt/-/issues/181
>
> Jim Fehlig (2):
>   Apparmor: Add profile for virtqemud
>   Apparmor: Add profile for virtxend
>
>  src/security/apparmor/libvirt-qemu          |   3 +
>  src/security/apparmor/meson.build           |   2 +
>  src/security/apparmor/usr.sbin.virtqemud.in | 134 ++++++++++++++++++++
>  src/security/apparmor/usr.sbin.virtxend.in  |  55 ++++++++
>  4 files changed, 194 insertions(+)
>  create mode 100644 src/security/apparmor/usr.sbin.virtqemud.in
>  create mode 100644 src/security/apparmor/usr.sbin.virtxend.in
>
> --
> 2.31.1
>
>

Reviewed-by: Neal Gompa <ngompa13@gmail.com>

-- 
真実はいつも一つ!/ Always, there's only one truth!