External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-01-18 10:35:20 +00:00
Code Issues Packages Projects Releases Wiki Activity

AppArmor: add rules needed with additional mediation features brought by Linux 4.14.

Browse Source
This commit is contained in:
intrigeri 2017-11-19 14:57:33 +00:00 committed by Guido Günther
parent 2f3054c22a
commit 3b1d19e6c9
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
examples/apparmor/libvirt-qemu
View File

@ -16,6 +16,10 @@
network inet stream, network inet stream,
network inet6 stream, network inet6 stream,
ptrace (readby, tracedby) peer=/usr/sbin/libvirtd,
signal (receive) peer=/usr/sbin/libvirtd,
/dev/net/tun rw, /dev/net/tun rw,
/dev/kvm rw, /dev/kvm rw,
/dev/ptmx rw, /dev/ptmx rw,

4
examples/apparmor/usr.sbin.libvirtd
View File

@ -34,6 +34,7 @@
network inet dgram, network inet dgram,
network inet6 stream, network inet6 stream,
network inet6 dgram, network inet6 dgram,
network netlink raw,
network packet dgram, network packet dgram,
network packet raw, network packet raw,
@ -42,6 +43,9 @@
ptrace (trace) peer=/usr/sbin/dnsmasq, ptrace (trace) peer=/usr/sbin/dnsmasq,
ptrace (trace) peer=libvirt-*, ptrace (trace) peer=libvirt-*,
signal (send) peer=/usr/sbin/dnsmasq,
signal (read, send) peer=libvirt-*,
# Very lenient profile for libvirtd since we want to first focus on confining # Very lenient profile for libvirtd since we want to first focus on confining
# the guests. Guests will have a very restricted profile. # the guests. Guests will have a very restricted profile.
/ r, / r,