External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2024-08-05 08:23:48 +00:00
Code Issues Packages Projects Releases Wiki Activity

apparmor: convert libvirtd profile to a named profile

Browse Source 
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
This commit is contained in:
Jim Fehlig 2019-01-11 17:59:59 -07:00
parent 70c2933da2
commit a3ab6d42d8
1 changed files with 3 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/security/apparmor/usr.sbin.libvirtd
View File

@ -2,7 +2,7 @@
#include <tunables/global>
@{LIBVIRT}="libvirt"
/usr/sbin/libvirtd flags=(attach_disconnected) {
profile libvirtd /usr/sbin/libvirtd flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/dbus>
@ -51,7 +51,7 @@
unix (send, receive) type=stream addr=none peer=(label=unconfined addr=none),
ptrace (read,trace) peer=unconfined,
ptrace (read,trace) peer=/usr/sbin/libvirtd,
ptrace (read,trace) peer=@{profile_name},
ptrace (read,trace) peer=dnsmasq,
ptrace (read,trace) peer=/usr/sbin/dnsmasq,
ptrace (read,trace) peer=libvirt-*,
@ -123,6 +123,7 @@
# For communication/control from libvirtd
unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd),
signal (receive) set=("term") peer=/usr/sbin/libvirtd,
signal (receive) set=("term") peer=libvirtd,
/dev/net/tun rw,
/etc/qemu/** r,