create apparmor security plugin for libvirt
Bug #388422 reported by
Jamie Strandboge
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
libvirt (Ubuntu) |
Fix Released
|
Wishlist
|
Jamie Strandboge |
Bug Description
Virtual machines started by libvirt run unconfined. If there is a bug in the hypervisor a guest could potentially attack other guests or the host. Providing an AppArmor profile would help protect against this. As of libvirt 0.6.1, sVirt has been merged and contains all the necessary hooks through a plugin architecture to confine a virtual machine using SELinux. Providing an AppArmor plugin would help increase security and contain virtual machines in Ubuntu.
See https:/
Related branches
Changed in libvirt (Ubuntu): | |
assignee: | nobody → Jamie Strandboge (jdstrand) |
importance: | Undecided → Wishlist |
milestone: | none → karmic-alpha-6 |
status: | New → Triaged |
description: | updated |
Changed in libvirt (Ubuntu): | |
status: | Triaged → In Progress |
To post a comment you must log in.
This bug was fixed in the package libvirt - 0.7.0-1ubuntu2
---------------
libvirt (0.7.0-1ubuntu2) karmic; urgency=low
* Add AppArmor support (LP: #388422): patches/ 9090-reenable- nonfile- labels. patch: add back in ObjPtr argument to RestoreSecurity ImageLabel since AppArmor patches/ 9091-apparmor. patch: add AppArmor security driver patches/ 9092-apparmor- autoreconf. patch: after installing libtool libvirt- bin.dirs: add /etc/apparmor. d/libvirt, etc/apparmor. d/abstractions, and /etc/apparmor. d/force- complain libvirt- bin.install: install profiles and abstractions libvirt- bin.preinst: newly added to force complain on certian libvirt- bin.postinst: (re)load profile libvirt- bin.postrm: remove force-complain profile on purge unix-socket- timeout. patch: logoutput- timeout. patch. This is needed with rUnix() function introduced in 0.7.0. libvirt- bin.apport libvirt- bin.dirs: add /usr/share/ apport/ package- hooks libvirt- bin.install: add source_ libvirt- bin.py
- debian/
virDomain
labels are not stored on disk
- debian/
- debian/
and the build dependencies, run autoreconf to pull in changes to
Makefile.am and configure.in in 9091-apparmor.patch
- debian/rules: use --with-apparmor and copy debian/apparmor/* to
debian/tmp
- debian/control: Build-Depends on libapparmor-dev and Suggests apparmor
>= 2.3+1289-0ubuntu14
- add profiles and abstractions to debian/apparmor. usr.sbin.libvirtd will
default to complain mode until LP: #401931 is sorted out
- debian/
/
- debian/
- debian/
upgrades
- debian/
- debian/
* 9006-increase-
increase timeout waiting for unix socket in src/qemu_driver.c, set to 30
seconds, which 10x longer than before, and matches the logoutput timeout
adjustment in 9003-increase-
the new qemudOpenMonito
* add apport hook:
- add debian/
- debian/
- debian/
- debian/rules: install libvirt-bin.apport
libvirt (0.7.0-1ubuntu1) karmic; urgency=low
* Merge from debian experimental, remaining changes: iff_up_ bridge. patch: clobber_ existing_ bridges. patch: default_ uri_virsh. patch: logoutput- timeout. patch: default- arch.patch:
- debian/control:
+ Don't build-depend on QEmu.
+ Bump bridge-utils, dnsmasq-base, netcat-openbsd, and iptables
to Depends of libvirt-bin.
+ Add versioned Conflicts/Replaces to libvirt0 for libvirt0-dbg,
since we used to ship them as such.
+ We call libxen-dev libxen3-dev, so change all references.
+ Build-Depends on open-iscsi-utils instead of open-iscsi due to
LP: #414986
- 9000-delayed_
Don't try to bring up the bridge before at least one interface has been
added to it.
- 9001-dont_
Assign the name of the virtual bridge dynamically to avoid interfering
with existing bridges.
- 9002-better_
Default to qemu:///system if the user has write access to the libvirt
socket, otherwise qemu:///session.
- 9003-increase-
increase timeout waiting for log output in src/qemu_driver.c, set to 30
seconds, which 10x longer than before, and matches the disk-wait in
mdadm. (LP #344400)
- 9004-better-
If a d...