mirror of https://passt.top/passt synced 2025-05-11 21:08:50 +02:00
passt/contrib
Stefano Brivio f66769c2de apparmor: Workaround for unconfined libvirtd when triggered by unprivileged user
If libvirtd is triggered by an unprivileged user, the virt-aa-helper
mechanism doesn't work, because per-VM profiles can't be instantiated,
and as a result libvirtd runs unconfined.

This means passt can't start, because the passt subprofile from
libvirt's profile is not loaded either.

Example:

  $ virsh start alpine
  error: Failed to start domain 'alpine'
  error: internal error: Child process (passt --one-off --socket /run/user/1000/libvirt/qemu/run/passt/1-alpine-net0.socket --pid /run/user/1000/libvirt/qemu/run/passt/1-alpine-net0-passt.pid --tcp-ports 40922:2) unexpected fatal signal 11

Add an annoying workaround for the time being. Much better than
encouraging users to start guests as root, or to disable AppArmor
altogether.

Reported-by: Prafulla Giri <prafulla.giri@protonmail.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
2025-02-06 09:43:09 +01:00
apparmor apparmor: Workaround for unconfined libvirtd when triggered by unprivileged user 2025-02-06 09:43:09 +01:00
fedora Introduce passt-repair 2025-02-04 01:28:04 +01:00
kata-containers Don't abbreviate ip(8) arguments in examples and tests 2022-06-15 09:38:10 +02:00
selinux Introduce passt-repair 2025-02-04 01:28:04 +01:00