incusd/apparmor: Update for current QEMU
Signed-off-by: Stéphane Graber <stgraber@stgraber.org>
stgraber committed Jun 21, 2024
1 parent 2bbcd64 commit d06441c
Showing 2 changed files with 5 additions and 0 deletions.
1 change: 1 addition & 0 deletions internal/server/apparmor/instance_qemu.go
Expand Up @@ -30,6 +30,7 @@ profile "{{ .name }}" flags=(attach_disconnected,mediate_deleted) {
/etc/ceph/** r,
/etc/machine-id r,
/run/udev/data/* r,
/proc/sys/vm/max_map_count r,
/sys/bus/ r,
/sys/bus/nd/devices/ r,
/sys/bus/usb/devices/ r,
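Review bot: `/proc/sys/vm/max_map_count r,` sits between `/run/udev/data/* r,` and `/sys/bus/ r,`, which breaks the path ordering the neighbouring rules follow (/etc, /run, /sys); placing it ahead of the /run rule would keep the profile easier to scan and audit. The commit message says only "Update for current QEMU", so a short commit body or profile comment naming the QEMU version or the denial that prompted this read rule would help the next person reviewing why the profile allows it.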
4 changes: 4 additions & 0 deletions internal/server/apparmor/qemuimg.go
Expand Up @@ -22,7 +22,11 @@ profile "{{ .name }}" flags=(attach_disconnected,mediate_deleted) {
capability dac_read_search,
capability ipc_lock,
/proc/sys/vm/max_map_count r,
/sys/devices/**/block/*/queue/max_segments r,
/sys/devices/**/block/*/zoned r,
/sys/devices/system/node r,
/sys/devices/system/node/** r,
{{range $index, $element := .allowedCmdPaths}}
{{$element}} mixr,
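Review bot: `/sys/devices/system/node r,` has no trailing slash, so AppArmor matches it as a file rather than a directory, and `/sys/devices/system/node/** r,` only covers entries beneath it; if qemu-img lists the node directory itself, that read would still be denied. The directory rules in instance_qemu.go are written with the slash (`/sys/bus/ r,`), so `/sys/devices/system/node/ r,` would be consistent with them. It would also be worth confirming against the audit log that all four /sys/devices rules are exercised, since `/sys/devices/**/block/*/...` is a fairly wide glob even for read-only access.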