apparmor: Make abstractions extensible

Implement the standard AppArmor 3.x abstraction extension approach. Signed-off-by: Andrea Bolognani <abologna@redhat.com> Reviewed-by: Jim Fehlig <jfehlig@suse.com>
2025-03-07 17:28:15 +00:00 · 2023-06-29 11:49:35 +02:00 · 2023-06-29 11:49:35 +02:00 · b6092de883
commit b6092de883
parent 84e01d182e
2 changed files with 8 additions and 0 deletions
--- a/src/security/apparmor/libvirt-lxc.in
+++ b/src/security/apparmor/libvirt-lxc.in
@ -116,3 +116,7 @@
  deny /sys/fs/cgrou[^p]*{,/**} wklx,
  deny /sys/fs/cgroup?*{,/**} wklx,
  deny /sys/fs?*{,/**} wklx,
@BEGIN_APPARMOR_3@
  include if exists <abstractions/libvirt-lxc.d>
@END_APPARMOR_3@
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@ -271,3 +271,7 @@
  # required for QEMU accessing UEFI nvram variables
  owner /var/lib/libvirt/qemu/nvram/*_VARS.fd rwk,
  owner /var/lib/libvirt/qemu/nvram/*_VARS.ms.fd rwk,
@BEGIN_APPARMOR_3@
  include if exists <abstractions/libvirt-qemu.d>
@END_APPARMOR_3@