apparmor: Enable passt support
passt provides an AppArmor abstraction that covers all the inner details of its operation, so we can simply import that and add the libvirt-specific parts on top: namely, passt needs to be able to create a socket and pid file, while the libvirt daemon needs to be able to kill passt. Signed-off-by: Andrea Bolognani <abologna@redhat.com> Signed-off-by: Stefano Brivio <sbrivio@redhat.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
parent
2601001115
commit
7a39b04d68
@ -185,6 +185,21 @@
|
|||||||
/usr/{lib,lib64}/libswtpm_libtpms.so mr,
|
/usr/{lib,lib64}/libswtpm_libtpms.so mr,
|
||||||
/usr/lib/@{multiarch}/libswtpm_libtpms.so mr,
|
/usr/lib/@{multiarch}/libswtpm_libtpms.so mr,
|
||||||
|
|
||||||
|
# support for passt network back-end
|
||||||
|
/usr/bin/passt Cx -> passt,
|
||||||
|
|
||||||
|
profile passt {
|
||||||
|
/usr/bin/passt r,
|
||||||
|
|
||||||
|
signal (receive) set=("term") peer=/usr/sbin/libvirtd,
|
||||||
|
signal (receive) set=("term") peer=libvirtd,
|
||||||
|
signal (receive) set=("term") peer=virtqemud,
|
||||||
|
|
||||||
|
owner /{,var/}run/libvirt/qemu/passt/* rw,
|
||||||
|
|
||||||
|
include if exists <abstractions/passt>
|
||||||
|
}
|
||||||
|
|
||||||
# for save and resume
|
# for save and resume
|
||||||
/{usr/,}bin/dash rmix,
|
/{usr/,}bin/dash rmix,
|
||||||
/{usr/,}bin/dd rmix,
|
/{usr/,}bin/dd rmix,
|
||||||
|
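Review bot: In the new `profile passt` block, `include if exists <abstractions/passt>` fails closed without any hint: on a host whose passt package does not ship that abstraction, the child profile is reduced to the few rules listed here and passt will most likely be denied at startup. A comment above the include would save debugging time, for example `# passt's own rules come from its package; if this abstraction is missing, expect AppArmor denials when passt starts`. The three `signal (receive)` rules admit only `term`, so if the daemon ever escalates to a different signal when stopping passt (not visible in this hunk) that signal would be denied. It is worth confirming this and adding a short comment explaining why three peer spellings are listed. The matching send-side rule for the daemon is also not part of this hunk.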