From 4c6feb832f233b8ede9be9ccc6ba3565dad85fae Mon Sep 17 00:00:00 2001 From: Andrea Bolognani Date: Thu, 29 Jun 2023 12:04:02 +0200 Subject: [PATCH] apparmor: Make all profiles extensible Do for all other profiles what we already do for the virt-aa-helper one. In this case we limit the feature to AppArmor 3.x, as it was never implemented for 2.x. Signed-off-by: Andrea Bolognani Reviewed-by: Jim Fehlig --- src/security/apparmor/usr.sbin.libvirtd.in | 4 ++++ src/security/apparmor/usr.sbin.virtqemud.in | 4 ++++ src/security/apparmor/usr.sbin.virtxend.in | 4 ++++ 3 files changed, 12 insertions(+) diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in index edb8dd8e26..1601d73d47 100644 --- a/src/security/apparmor/usr.sbin.libvirtd.in +++ b/src/security/apparmor/usr.sbin.libvirtd.in @@ -139,4 +139,8 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) { /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix, } + +@BEGIN_APPARMOR_3@ + include if exists +@END_APPARMOR_3@ } diff --git a/src/security/apparmor/usr.sbin.virtqemud.in b/src/security/apparmor/usr.sbin.virtqemud.in index f269c60809..6b9c5d32d9 100644 --- a/src/security/apparmor/usr.sbin.virtqemud.in +++ b/src/security/apparmor/usr.sbin.virtqemud.in @@ -132,4 +132,8 @@ profile virtqemud @sbindir@/virtqemud flags=(attach_disconnected) { /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix, } + +@BEGIN_APPARMOR_3@ + include if exists +@END_APPARMOR_3@ } diff --git a/src/security/apparmor/usr.sbin.virtxend.in b/src/security/apparmor/usr.sbin.virtxend.in index 72e0d801e5..78a11305f5 100644 --- a/src/security/apparmor/usr.sbin.virtxend.in +++ b/src/security/apparmor/usr.sbin.virtxend.in @@ -52,4 +52,8 @@ profile virtxend @sbindir@/virtxend flags=(attach_disconnected) { @libexecdir@/libvirt_iohelper ix, /etc/libvirt/hooks/** rmix, /etc/xen/scripts/** rmix, + +@BEGIN_APPARMOR_3@ + include if exists +@END_APPARMOR_3@ }