[apparmor] [PATCH] Don't unload libvirt's dynamic profiles on reload

Jamie Strandboge jamie at canonical.com
Tue Feb 22 17:53:20 UTC 2011


On Tue, 2011-02-22 at 09:42 -0800, Kees Cook wrote:
> Hi Jamie,
> 
> On Tue, Feb 22, 2011 at 11:36:21AM -0600, Jamie Strandboge wrote:
> > Libvirt generates dynamic profiles using aa_change_profile(). When a
> > dynamic profile is added, it is of the form of 'libvirt-<vm uuid>'. Eg:
> > libvirt-b5779634-a136-b0d1-c0a4-0706752c4f25
> > 
> > Currently, the initscripts will unload these profiles on reload, but
> > they shouldn't touch them[1]. This patch special-cases libvirt's
> > profiles for now so this does not happen. If more applications use
> > dynamic profiles, we can in some way generalize this to flag profiles as
> > dynamic.
> > 
> > [1]https://bugs.launchpad.net/ubuntu/+source/apparmor/+bug/702774
> 
> Note that Ubuntu's init scripts do not use the rc.apparmor.functions file.

Yes, I have committed a very similar patch to the Ubuntu tree. I should
have been more clear on that, especially when referencing an Ubuntu bug.

-- 
Jamie Strandboge             | http://www.canonical.com
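
The rule described in the quoted patch summary (on reload, unload profiles that are no longer defined on disk, but leave 'libvirt-<vm uuid>' profiles alone), sketched as an added example; it is not code from this message or from the AppArmor patch. The function names, the input file layout ("name (mode)" per line) and the strict UUID match are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration; is_libvirt_dynamic, profiles_to_unload and demo are
# hypothetical names, not functions from rc.apparmor.functions.

# Succeeds only when $1 is exactly 'libvirt-' followed by a UUID.
# Matching the whole UUID (an assumption of this sketch) means a stale
# profile that merely starts with 'libvirt-' is still eligible for unload.
is_libvirt_dynamic() {
    printf '%s\n' "$1" | grep -Eq \
        '^libvirt-[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$'
}

# profiles_to_unload LOADED KNOWN
#   LOADED: file with one loaded profile per line, as "name (mode)"
#   KNOWN:  file with one profile name per line, as defined by on-disk policy
# Prints the loaded profiles that a reload may unload.
profiles_to_unload() {
    sed -e 's/ ([a-z]*)$//' "$1" | while IFS= read -r name; do
        [ -n "$name" ] || continue
        # Dynamic libvirt profiles have no on-disk definition by design.
        if is_libvirt_dynamic "$name"; then continue; fi
        # Still defined on disk: reload replaces it, nothing to unload.
        if grep -Fxq -- "$name" "$2"; then continue; fi
        printf '%s\n' "$name"
    done
}

# Constructed sample data: one on-disk profile, one dynamic libvirt profile
# (the name quoted in the message), and two stale profiles.
demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' \
        '/usr/sbin/tcpdump (enforce)' \
        'libvirt-b5779634-a136-b0d1-c0a4-0706752c4f25 (enforce)' \
        '/usr/bin/removed-app (complain)' \
        'libvirt-notauuid (enforce)' > "$dir/loaded"
    printf '%s\n' '/usr/sbin/tcpdump' > "$dir/known"
    profiles_to_unload "$dir/loaded" "$dir/known"
    rm -rf "$dir"
}

demo
```

With the sample data, only the two stale profiles are listed; the running VM's profile stays loaded, so the guest is not left unconfined by a policy reload.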