External/libvirt
1
0
Fork 0
mirror of https://gitlab.com/libvirt/libvirt.git synced 2025-03-20 07:59:00 +00:00
Code

apparmor: Make abstractions extensible

Browse Source 
Implement the standard AppArmor 3.x abstraction extension
approach.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
This commit is contained in:
Andrea Bolognani 2023-06-29 11:49:35 +02:00
parent 84e01d182e
commit b6092de883
2 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/security/apparmor/libvirt-lxc.in
View File

@ -116,3 +116,7 @@
deny /sys/fs/cgrou[^p]*{,/**} wklx,
deny /sys/fs/cgroup?*{,/**} wklx,
deny /sys/fs?*{,/**} wklx,
@BEGIN_APPARMOR_3@
include if exists <abstractions/libvirt-lxc.d>
@END_APPARMOR_3@

4
src/security/apparmor/libvirt-qemu.in
View File

@ -271,3 +271,7 @@
# required for QEMU accessing UEFI nvram variables
owner /var/lib/libvirt/qemu/nvram/*_VARS.fd rwk,
owner /var/lib/libvirt/qemu/nvram/*_VARS.ms.fd rwk,
@BEGIN_APPARMOR_3@
include if exists <abstractions/libvirt-qemu.d>
@END_APPARMOR_3@