felipe/apparmor.d
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(profile): add support for qemu-img in gnome-boxes

Browse source 
fix #698
This commit is contained in:
Alexandre Pujol 2025-03-23 14:19:02 +01:00
parent 5e225ed0ec
commit acf423fd86
No known key found for this signature in database
GPG key ID: C5469996F0DF68EC
1 changed files with 8 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

9
apparmor.d/groups/gnome/gnome-boxes
View file

@ -32,8 +32,9 @@ profile gnome-boxes @{exec_path} {
@{open_path} rPx -> child-open,
@{bin}/virtqemud rPUx,
@{bin}/qemu-img rix,
@{bin}/virsh rCx -> virsh,
@{bin}/virtqemud rPUx,
/usr/share/osinfo/{,**} r,
/usr/share/gnome-boxes/{,**} r,
@ -63,6 +64,8 @@ profile gnome-boxes @{exec_path} {
@{run}/mount/utab r,
@{run}/udev/data/c@{dynamic}:@{int} r, # For dynamic assignment range 234 to 254, 384 to 511
owner @{sys}/fs/cgroup/user.slice/user-@{uid}.slice/user@@{uid}.service/app.slice/app-dbus*org.gnome.Boxes.slice/*/memory.* r,
@{PROC}/sys/net/ipv6/conf/all/disable_ipv6 r,
@ -70,6 +73,10 @@ profile gnome-boxes @{exec_path} {
owner @{PROC}/@{pid}/cgroup r,
owner @{PROC}/@{pid}/cmdline r,
owner @{PROC}/@{pid}/mountinfo r,
owner @{PROC}/@{pid}/stat r,
/dev/media@{int} rw,
/dev/video@{int} rw,
deny owner @{user_share_dirs}/gvfs-metadata/{,*} r,