From 84e01d182e054077ce6986a0e23985c6520236a8 Mon Sep 17 00:00:00 2001
From: Andrea Bolognani <abologna@redhat.com>
Date: Thu, 29 Jun 2023 11:47:13 +0200
Subject: [PATCH] apparmor: Only support passt on 3.x

The subprofile can only work by including the abstraction shipped
in the passt package, which we can't assume is present, and
'include if exists' doesn't work well on 2.x.

No distro that's stuck on AppArmor 2.x is likely to be shipping
passt anyway.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
---
 src/security/apparmor/libvirt-qemu.in | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in
index 44056b5f14..1548cf23bf 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -185,6 +185,7 @@
   /usr/{lib,lib64}/libswtpm_libtpms.so mr,
   /usr/lib/@{multiarch}/libswtpm_libtpms.so mr,
 
+@BEGIN_APPARMOR_3@
   # support for passt network back-end
   /usr/bin/passt Cx -> passt,
 
@@ -199,6 +200,7 @@
 
     include if exists <abstractions/passt>
   }
+@END_APPARMOR_3@
 
   # for save and resume
   /{usr/,}bin/dash rmix,