mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 21:55:25 +00:00
apparmor: Allow swtpm to use its own apparmor profile
Signed-off-by: Lena Voytek <lena.voytek@canonical.com>
This commit is contained in:
parent
eac8de54a6
commit
d97f8807d2
@ -180,7 +180,7 @@
|
||||
audit deny /{var/,}run/qemu/*/*.so w,
|
||||
|
||||
# swtpm
|
||||
/{usr/,}bin/swtpm rmix,
|
||||
/{usr/,}bin/swtpm rmpix,
|
||||
/usr/{lib,lib64}/libswtpm_libtpms.so mr,
|
||||
/usr/lib/@{multiarch}/libswtpm_libtpms.so mr,
|
||||
|
||||
@ -226,6 +226,7 @@
|
||||
unix (send, receive) type=stream addr=none peer=(label=libvirtd),
|
||||
unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd),
|
||||
unix (send, receive) type=stream addr=none peer=(label=virtqemud),
|
||||
unix (send, receive) type=stream addr=none peer=(label=swtpm),
|
||||
|
||||
# for gathering information about available host resources
|
||||
/sys/devices/system/cpu/ r,
|
||||
|
@ -58,6 +58,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
|
||||
ptrace (read,trace) peer=dnsmasq,
|
||||
ptrace (read,trace) peer=/usr/sbin/dnsmasq,
|
||||
ptrace (read,trace) peer=libvirt-*,
|
||||
ptrace (read,trace) peer=swtpm,
|
||||
|
||||
signal (send) peer=dnsmasq,
|
||||
signal (send) peer=/usr/sbin/dnsmasq,
|
||||
|
Loading…
Reference in New Issue
Block a user