Comment 6 for bug 656173
Revision history for this message
| Jamie Strandboge (jdstrand) wrote Re: virt-aa-helper generate incomplete apparmor profiles with chained backing files | #6 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
67d34a1
(Get the code!)
This behavior changed in libvirt 0.8.3 and the pending lucid-security libvirt update and is part of the fix for CVE-2010-2237, CVE-2010-2238 and CVE-2010-2239. From /etc/libvirt/
# If allow_disk_
# images to attempt to identify their format, when not otherwise
# specified in the XML. This is disabled by default.
#
# WARNING: Enabling probing is a security hole in almost all
# deployments. It is strongly recommended that users update their
# guest XML <disk> elements to include <driver type='XXXX'/>
# elements instead of enabling this option.
# allow_disk_
So people can either:
1. adjust /etc/apparmor.
2. adjust /etc/libvirt/
The former is preferred for security reasons, but has to be done for each virtual machine.