--- Begin Message ---
Hello,
for a project we are working on a simple Apparmor profile for KVM-based
VMs in Proxmox.
For now it's a POC with a static profile for the qemu-system-x86_64
binary. The next step would be to patch the Proxmox Perl code to
implement a basic version of dynamic profiles, similar to how it's done
for LXC by Proxmox, or how it's done by libvirt for QEMU/KVM.
Now the thought of bringing this upstream was brought up, but I am a
little concerned about the scope of this endeavor (in particular
considering limited to no perl experience on our side).
I am also aware that there have been requests about this feature by
other users in the forum and on the bug report board, but no specific
promises have been made nor does it appear in the Roadmap
(https://pve.proxmox.com/wiki/Roadmap).
Implementing it for a limited scope/usecase (e.g. only x86, only testing
with some storage type, not testing for a plethora of pass-through
possibilities) seems doable enough, but is this even something you would
even consider accepting as a contribution, or is it more an
all-or-nothing situation where most if not all edgecases need to be
covered from the get-go?
Any feedback is much appreciated.
This is my first mail to this list, so please let me know if I missed
some netiquette.
Best regards,
Sven.
OpenPGP_signature.asc
Description: OpenPGP digital signature
--- End Message ---
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
