External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-03 03:25:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

apparmor: Allow more paths for qemu-bridge-helper

Browse Source 
The QEMU package in Debian has recently moved the
qemu-bridge-helper binary under /usr/libexec/qemu. Update the
AppArmor profile accordingly.

https://bugs.debian.org/1077915

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
This commit is contained in:
Andrea Bolognani 2024-08-05 16:21:31 +02:00
parent 2be2fb9a9f
commit 0caacf47d7
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/security/apparmor/usr.sbin.libvirtd.in
View File

@ -117,7 +117,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
# allow changing to our UUID-based named profiles # allow changing to our UUID-based named profiles
change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
/usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper, /usr/{lib,lib64,lib/qemu,libexec,libexec/qemu}/qemu-bridge-helper Cx -> qemu_bridge_helper,
# child profile for bridge helper process # child profile for bridge helper process
profile qemu_bridge_helper { profile qemu_bridge_helper {
#include <abstractions/base> #include <abstractions/base>
@ -138,7 +138,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
/etc/qemu/** r, /etc/qemu/** r,
owner @{PROC}/*/status r, owner @{PROC}/*/status r,
/usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix, /usr/{lib,lib64,lib/qemu,libexec,libexec/qemu}/qemu-bridge-helper rmix,
} }
@BEGIN_APPARMOR_3@ @BEGIN_APPARMOR_3@

4
src/security/apparmor/usr.sbin.virtqemud.in
View File

@ -111,7 +111,7 @@ profile virtqemud @sbindir@/virtqemud flags=(attach_disconnected) {
# allow changing to our UUID-based named profiles # allow changing to our UUID-based named profiles
change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
/usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper, /usr/{lib,lib64,lib/qemu,libexec,libexec/qemu}/qemu-bridge-helper Cx -> qemu_bridge_helper,
# child profile for bridge helper process # child profile for bridge helper process
profile qemu_bridge_helper { profile qemu_bridge_helper {
#include <abstractions/base> #include <abstractions/base>
@ -131,7 +131,7 @@ profile virtqemud @sbindir@/virtqemud flags=(attach_disconnected) {
/etc/qemu/** r, /etc/qemu/** r,
owner @{PROC}/*/status r, owner @{PROC}/*/status r,
/usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix, /usr/{lib,lib64,lib/qemu,libexec,libexec/qemu}/qemu-bridge-helper rmix,
} }
@BEGIN_APPARMOR_3@ @BEGIN_APPARMOR_3@