diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index 299dcc644b..db7e7dc871 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -38,6 +38,7 @@ #include "virfile.h" #include "configmake.h" #include "command.h" +#include "logging.h" #define VIR_FROM_THIS VIR_FROM_SECURITY #define SECURITY_APPARMOR_VOID_DOI "0" @@ -791,9 +792,9 @@ AppArmorSetImageFDLabel(virSecurityManagerPtr mgr, } if (virFileResolveLink(proc, &fd_path) < 0) { - virSecurityReportError(VIR_ERR_INTERNAL_ERROR, - "%s", _("could not find path for descriptor")); - return rc; + /* it's a deleted file, presumably. Ignore? */ + VIR_WARN("could not find path for descriptor %s, skipping", proc); + return 0; } return reload_profile(mgr, vm, fd_path, true); diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 14399cce63..4561bb9db4 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -1220,6 +1220,10 @@ main(int argc, char **argv) LOCALSTATEDIR, ctl->def->name); virBufferAsprintf(&buf, " \"/run/libvirt/**/%s.pid\" rwk,\n", ctl->def->name); + virBufferAsprintf(&buf, " \"%s/run/libvirt/**/*.tunnelmigrate.dest.%s\" rw,\n", + LOCALSTATEDIR, ctl->def->name); + virBufferAsprintf(&buf, " \"/run/libvirt/**/*.tunnelmigrate.dest.%s\" rw,\n", + ctl->def->name); if (ctl->files) virBufferAdd(&buf, ctl->files, -1); }