From: Prafulla Giri
To: Stefano Brivio
CC: Andrea Bolognani, "passt-dev@passt.top"
Date: Wed, 05 Feb 2025 07:40:34 +0000
Subject: Re: Apparmor (and other) Issues
In-Reply-To: <20250204233441.6cda8c64@elisabeth>
References: <20250204111724.48b73b37@elisabeth> <20250204172242.76889328@elisabeth> <20250204201448.0bf3f7a3@elisabeth> <20250204233441.6cda8c64@elisabeth>
List-Id: Development discussion and patches for passt

I am glad such capable maintainers are handling this.

If I may ask, however: could this simply not be dealt with by allowing passt binary access to $XDG_RUNTIME_DIR of the user in the apparmor profile? Forgive me, I am just a novice. But from my lack of understanding this issue looks like an issue of passt process not being able to create a socket inside a libvirt-maintained directory inside /run/user/$UID and that is why disabling the apparmor profile for passt seems to work around this (?) Are there security concerns with this? Only asking out of curiosity.