Comment # 6 on bug 1065123 from
(In reply to James Fehlig from comment #4)
> Hmm, already mentioned in #0, but I missed sending/receiving signals from
> unconfined processes. The out-of-the-box default is to run QEMU/KVM
> instances unconfined (security_default_confined = 0 in
> /etc/libvirt/qemu.conf), hence no signals can be sent to reap the processes
> when doing e.g. 'virsh destroy dom'.

Ah, that explains peer=unconfined - intrigeri already wondered why it's needed,
so please add this detail when upstreaming this rule.

> I'll add a downstream patch to allow signals, but I'm not sure how
> restrictive the rule should be. Christian, perhaps I'll start with your
> suggestion but include 'hup'. E.g.
> 
>   signal send set=(term,kill,hup) peer=unconfined,

I only noticed term and kill in my tests, but in comparison, hup is harmless
;-)

> I think the following is a bit too loose
> 
>   signal (read, send) peer=unconfined,

Right, that would allow way too much.
