Skip to content

Commit

Permalink
lxd: Include CAP_SYS_ADMIN in rsync AppArmor profile (#14231)
Browse files Browse the repository at this point in the history 
The `CAP_SYS_ADMIN` cap is required for rsync to write to files using
security.* xattrs. In order to preserve these xattrs and ensure proper
updates when these xattrs are present, we must include this capability
in the rsync AppArmor profile.

Related: #13707.
  • Loading branch information
@tomponline
tomponline authored Oct 8, 2024
2 parents 51c2007 + 38a2cac commit 3f74324
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions lxd/apparmor/rsync.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -29,6 +29,7 @@ profile "{{ .name }}" flags=(attach_disconnected,mediate_deleted) {
capability fsetid,
capability mknod,
capability setfcap,
capability sys_admin,
unix (connect, send, receive) type=stream,
Expand Down

0 comments on commit 3f74324

Please sign in to comment.