External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-09-30 19:35:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

apparmor: Enable passt support

Browse Source 
passt provides an AppArmor abstraction that covers all the
inner details of its operation, so we can simply import that
and add the libvirt-specific parts on top: namely, passt
needs to be able to create a socket and pid file, while
the libvirt daemon needs to be able to kill passt.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Stefano Brivio <sbrivio@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
This commit is contained in:
Andrea Bolognani 2023-03-07 19:20:09 +01:00
parent 2601001115
commit 7a39b04d68
1 changed files with 15 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
src/security/apparmor/libvirt-qemu
View File

@ -185,6 +185,21 @@
/usr/{lib,lib64}/libswtpm_libtpms.so mr, /usr/{lib,lib64}/libswtpm_libtpms.so mr,
/usr/lib/@{multiarch}/libswtpm_libtpms.so mr, /usr/lib/@{multiarch}/libswtpm_libtpms.so mr,
# support for passt network back-end
/usr/bin/passt Cx -> passt,
profile passt {
/usr/bin/passt r,
signal (receive) set=("term") peer=/usr/sbin/libvirtd,
signal (receive) set=("term") peer=libvirtd,
signal (receive) set=("term") peer=virtqemud,
owner /{,var/}run/libvirt/qemu/passt/* rw,
include if exists <abstractions/passt>
}
# for save and resume # for save and resume
/{usr/,}bin/dash rmix, /{usr/,}bin/dash rmix,
/{usr/,}bin/dd rmix, /{usr/,}bin/dd rmix,