Christian Ehrhardt 8f882cf36e apparmor: allow unix stream for p2p migrations ... On live migration with --p2p like: $ virsh migrate --live --p2p kvmguest-bionic-normal \ qemu+ssh://10.6.221.80/system We hit an apparmor deny like: apparmor="DENIED" operation="file_inherit" profile="/usr/sbin/libvirtd" pid=23477 comm="ssh" family="unix" sock_type="stream" protocol=0 requested_mask="send receive" denied_mask="send" addr=none peer_addr=none peer="unconfined" The rule is not perfect, but can't be restricted further at the moment (new upstream kernel features needed). For now the lack of a profile on the peer as well as comm not being a conditional on rules do not allow to filter further. Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>		2018-01-03 09:45:21 +01:00
..
admin	examples: Resolve sign-compare warnings	2016-12-20 13:11:25 +01:00
apparmor	apparmor: allow unix stream for p2p migrations	2018-01-03 09:45:21 +01:00
dominfo	examples: Use one top level makefile	2016-01-09 21:14:12 -05:00
dommigrate	examples: Use one top level makefile	2016-01-09 21:14:12 -05:00
domsuspend	Remove backslash alignment attempts	2017-11-03 13:24:12 +01:00
domtop	Remove backslash alignment attempts	2017-11-03 13:24:12 +01:00
hellolibvirt	examples: Resolve sign-compare warnings	2016-12-20 13:11:25 +01:00
lxcconvert	examples: Use one top level makefile	2016-01-09 21:14:12 -05:00
object-events	Remove backslash alignment attempts	2017-11-03 13:24:12 +01:00
openauth	lib: Fix c99 style comments	2017-04-27 14:13:19 +02:00
polkit	examples: Use one top level makefile	2016-01-09 21:14:12 -05:00
rename	examples: Use one top level makefile	2016-01-09 21:14:12 -05:00
systemtap	examples: Use one top level makefile	2016-01-09 21:14:12 -05:00
xml	examples: Use one top level makefile	2016-01-09 21:14:12 -05:00
Makefile.am	virt-aa-helper: handle more disk images	2017-12-20 11:05:54 +01:00