External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-12-22 05:35:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Allow apparmor parser to be executed in /usr/bin

Browse Source 
This commit modifies the AppArmor profile for virt-aa-helper to
accommodate an observed behavior in certain Linux distributions,
such as ArchLinux.

In these distributions, /usr/sbin symlinks to /usr/bin. To ensure
that virt-aa-helper can execute apparmor_parser when it resides
in /usr/bin, the profile has been updated accordingly.

Signed-off-by: Tom <libvirt-patch@douile.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
This commit is contained in:
Tom 2024-08-20 23:30:59 +00:00 committed by Andrea Bolognani
parent d15b7c3859
commit 5f6ccb0875
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
View File

@ -41,7 +41,7 @@ profile virt-aa-helper @libexecdir@/virt-aa-helper {
deny /dev/mapper/* r,
@libexecdir@/virt-aa-helper mr,
/{usr/,}sbin/apparmor_parser Ux,
/{usr/,}{s,}bin/apparmor_parser Ux,
@sysconfdir@/apparmor.d/libvirt/* r,
@sysconfdir@/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,