https://bugzilla.novell.com/show_bug.cgi?id=694197

https://bugzilla.novell.com/show_bug.cgi?id=694197#c9

Christian Boltz <suse-beta@cboltz.de> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |suse-beta@cboltz.de

--- Comment #9 from Christian Boltz <suse-beta@cboltz.de> 2011-08-21 15:00:11 CEST ---

For the record: The rule for *.leases is included in AppArmor 2.7 beta1.

(In reply to comment #8)
> Hmm, I was considering building the libvirt apparmor security driver for openSUSE. It was requested for SLE11 SP2 so I've enabled and tested it there, but hesitated for openSUSE since I was under the impression that the community wasn't too keen on apparmor. Seems I was right and should continue disabling the libvirt apparmor driver. I've never had any bugs or requests for it in openSUSE.

My guess is that most users don't even know about the libvirt apparmor support ;-)

If I get http://libvirt.org/drvqemu.html#securitysvirtaa right, libvirt has two sets of protection:

a) protection of the host vs. all guests - that's what openSUSE currently has
b) protection between guests - that's only possible with the libvirt apparmor support enabled

I have to admit I don't really use virtualization, but I'd vote to enable apparmor support in libvirt. The reason is simple - protection between guests sounds very useful to me.

Additionally: If someone doesn't like protection between guests (which would be a strange wish IMHO), he can easily disable it with a config option (security_driver="none" in /etc/libvirt/qemu.conf).

OTOH, if libvirt is built without apparmor support, it probably needs to be recompiled to enable this feature. That's a lot more work compared to editing a config file.