felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

New @{uuid} variable.

Browse source
This commit is contained in:
Alexandre Pujol 2022-02-22 13:14:46 +00:00
parent 773741c85e
commit 0ee2e4f7ad
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
24 changed files with 47 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

4
apparmor.d/groups/virt/libvirtd
View file

@ -72,7 +72,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
signal (send) set=(term) peer=libvirtd//qemu_bridge_helper,
# allow connect with openGraphicsFD, direction reversed in newer versions
unix (send, receive) type=stream addr=none peer=(label=libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*),
unix (send, receive) type=stream addr=none peer=(label=libvirt-@{uuid}),
# unconfined also required if guests run without security module
unix (send, receive) type=stream addr=none peer=(label=unconfined),
@ -113,7 +113,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
/etc/xen/scripts/** rmix,
# allow changing to our UUID-based named profiles
change_profile -> libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
change_profile -> libvirt-@{uuid},
/usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper,
# child profile for bridge helper process