mir/apparmor
2
0
Fork 0
mirror of https://gitlab.com/apparmor/apparmor synced 2025-08-22 10:07:12 +00:00
Code Issues Releases Wiki Activity

Fix lsblk profile for disks over network

Browse Source 
Fixes: https://bugs.launchpad.net/maas/+bug/2092232

In the lsblk profile, the rule responsible for allowing to read disks
over network was not generic enough to handle some cases, such as IBM
Power. The new rule, `@{sys}/devices/**/host@{int}/** r`, should support
all cases.

Signed-off-by: Maxime Bélair <maxime.belair@canonical.com>
This commit is contained in:
Maxime Bélair 2025-04-02 13:02:28 +02:00
parent 305ef867fb
commit d1108183a7
1 changed files with 2 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
profiles/apparmor.d/lsblk
View File

@ -26,8 +26,8 @@ profile lsblk /usr/bin/lsblk {
@{sys}/devices/virtual/** r, @{sys}/devices/virtual/** r,
@{sys}/devices/platform/** r, @{sys}/devices/platform/** r,
# Needed for Hyper-V VMs (including Azure) # Needed for disks over network e.g. Hyper-V VMs (including Azure), IBM Power, ...
@{sys}/devices/LNXSYSTM:*/LNXSYBUS:*/** r, @{sys}/devices/**/host@{int}/** r,
/dev/sr[0-9]* rk, /dev/sr[0-9]* rk,