registry team mailing list archive

Thread
Date

[Bug 649259] Re: insufficient apparmor rights for sound

To: registry@xxxxxxxxxxxxxxxxxxx
From: Jamie Strandboge <jamie@xxxxxxxxxx>
Date: Mon, 27 Sep 2010 20:32:40 -0000
Reply-to: Bug 649259 <649259@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Actually, /etc/apparmor.d/abstractions/libvirt-qemu does have some stuff for pulse, which suggests we should have:
  owner /var/lib/libvirt/.pulse-cookie rwk,  # as opposed to 'rw'
  owner @{PROC}/[0-9]*/fd/ r,
  owner @{PROC}/[0-9]*/fd/* r,
  /usr/bin/pulseaudio PUx,

The problem is that if we add PUx on pulseaudio as well as matching in
@{PROC}, this is likely too much privilege, especially if user's are
running qemu as root. Until there is proper support in the upstream
security driver framework, users will need to adjust the AppArmor
policy.

That said, we could adjust the policy to have the above as comments,
with an appropriate warning.

-- 
insufficient apparmor rights for sound
https://bugs.launchpad.net/bugs/649259
You received this bug notification because you are a member of Registry
Administrators, which is the registrant for Fedora.