External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-03 03:25:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

AppArmor: add rules needed with additional mediation features brought by Linux 4.14.

Browse Source
This commit is contained in:
intrigeri 2017-11-19 14:57:33 +00:00 committed by Guido Günther
parent 2f3054c22a
commit 3b1d19e6c9
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
examples/apparmor/libvirt-qemu
View File

@ -16,6 +16,10 @@
network inet stream,
network inet6 stream,
ptrace (readby, tracedby) peer=/usr/sbin/libvirtd,
signal (receive) peer=/usr/sbin/libvirtd,
/dev/net/tun rw,
/dev/kvm rw,
/dev/ptmx rw,

4
examples/apparmor/usr.sbin.libvirtd
View File

@ -34,6 +34,7 @@
network inet dgram,
network inet6 stream,
network inet6 dgram,
network netlink raw,
network packet dgram,
network packet raw,
@ -42,6 +43,9 @@
ptrace (trace) peer=/usr/sbin/dnsmasq,
ptrace (trace) peer=libvirt-*,
signal (send) peer=/usr/sbin/dnsmasq,
signal (read, send) peer=libvirt-*,
# Very lenient profile for libvirtd since we want to first focus on confining
# the guests. Guests will have a very restricted profile.
/ r,