Actually, /etc/apparmor.d/abstractions/libvirt-qemu does have some stuff for
pulse, which suggests we should have:
owner /var/lib/libvirt/.pulse-cookie rwk, # as opposed to 'rw'
owner @{PROC}/[0-9]*/fd/ r,
owner @{PROC}/[0-9]*/fd/* r,
/usr/bin/pulseaudio PUx,
The problem is that if we add PUx on pulseaudio as well as matching in
@{PROC}, this is likely too much privilege, especially if user's are
running qemu as root. Until there is proper support in the upstream
security driver framework, users will need to adjust the AppArmor
policy.
That said, we could adjust the policy to have the above as comments,
with an appropriate warning.
--
insufficient apparmor rights for sound
https://bugs.launchpad.net/bugs/649259
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to libvirt in ubuntu.
--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
