diff --git a/apparmor.d/groups/gnome/gnome-boxes b/apparmor.d/groups/gnome/gnome-boxes
index fe2ce9037..cc6316522 100644
--- a/apparmor.d/groups/gnome/gnome-boxes
+++ b/apparmor.d/groups/gnome/gnome-boxes
@@ -10,6 +10,7 @@ include
 profile gnome-boxes @{exec_path} {
 include
 include
+ include
 include
 network netlink raw,
@@ -71,10 +72,11 @@ profile gnome-boxes @{exec_path} {
 @{HOME}/.themes/{,**} r,
 @{HOME}/orcexec.@{rand6} rw,
+ @{run}/user/@{uid}/libvirt/ rw,
+ @{run}/user/@{uid}/libvirt/common/ rw,
 @{run}/user/@{uid}/libvirt/common/system.token rwk,
- @{run}/user/@{uid}/libvirt/qemu@{run}/ r,
- @{run}/user/@{uid}/libvirt/qemu@{run}/dbus/ w,
- @{run}/user/@{uid}/libvirt/qemu@{run}/driver.pid rwk,
+ @{run}/user/@{uid}/libvirt/qemu/ rw,
+ @{run}/user/@{uid}/libvirt/hostdevmgr/ rw,
 @{run}/user/@{uid}/libvirt/virtqemud.pid wk,
 @{run}/user/@{uid}/libvirt/virtlogd.pid rwk,
 @{run}/user/@{uid}/libvirt/virtlogd* w,
@@ -85,10 +87,8 @@ profile gnome-boxes @{exec_path} {
 @{run}/user/@{uid}/libvirt/virtstoraged.lock rwk,
 @{run}/user/@{uid}/libvirt/virtstoraged.pid rwk,
 @{run}/user/@{uid}/libvirt/storage/{,**} rwk,
- @{run}/user/@{uid}/libvirt/qemu@{run}/**.pid rwk,
- @{run}/user/@{uid}/libvirt/qemu@{run}/**.xml.new rw,
- @{run}/user/@{uid}/libvirt/qemu@{run}/**.xml rw,
- @{run}/user/@{uid}/libvirt/qemu@{run}/channel/{,**} rw,
+ @{run}/user/@{uid}/libvirt/qemu@{run}/{,**} rwk,
+ @{run}/utmp rk,
 @{run}/udev/data/{,**} r,
 @{run}/user/@{uid}/orcexec.@{rand6} rw,
@@ -101,9 +101,6 @@ profile gnome-boxes @{exec_path} {
 @{user_cache_dirs}/libvirt/qemu/log/{,**} rw,
 @{user_cache_dirs}/gstreamer-1.0/registry.x86_64** rw,
- owner @{user_cache_dirs}/mesa_shader_cache_db/index rw,
- owner @{user_cache_dirs}/mesa_shader_cache_db/part@{int}/mesa_cache.db rwk,
- owner @{user_cache_dirs}/mesa_shader_cache_db/part@{int}/mesa_cache.idx rwk,
 owner @{user_cache_dirs}/thumbnails/large/@{hex32}.png r,
 owner @{user_cache_dirs}/gnome-boxes/@{uuid}-screenshot.png rw,
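Review bot: The four directory rules added in the `-71,10 +72,11` hunk (`libvirt/`, `libvirt/common/`, `libvirt/qemu/`, `libvirt/hostdevmgr/`) grant `rw` without the `owner` qualifier, and so does the new `qemu@{run}/{,**} rwk` rule in the `-85,10 +87,8` hunk. If `@{uid}` is a pattern that matches any numeric uid rather than only the caller's (worth confirming against the tunables), these rules rely on file-system permissions alone to keep the process inside its own runtime directory. The `owner @{user_cache_dirs}/…` rules later in the same profile already use the qualifier, so I would write `owner @{run}/user/@{uid}/libvirt/ rw,` and the same for the other new lines. The profile body starts and ends outside these hunks, and the neighbouring libvirt rules are unqualified too, so if that is deliberate a one-line comment saying why would help the next reader.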
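Review bot: In the `-85,10 +87,8` hunk, `@{run}/user/@{uid}/libvirt/qemu@{run}/{,**} rwk,` gives read, write and lock on the entire subtree, where the removed rules limited access to `**.pid`, `**.xml`, `**.xml.new` and `channel/{,**}`, and the earlier `dbus/` rule was write-only. Anything else created under that directory is now readable, writable and lockable by the profile, which is wider than the removed lines suggest was needed. If the change answers specific denials, I would list those paths instead. Otherwise keep the glob and record the reason above it, for example `# libvirt session driver creates per-domain files here; names are not predictable`. The added `@{run}/utmp rk,` would also benefit from a short comment naming what in gnome-boxes reads it.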