[libvirt] [PATCH 1/2] Apparmor qemu abstraction fixes for SLES
Cédric Bosdonnat
cbosdonnat at suse.com
Thu Apr 9 09:25:13 UTC 2015
SLES 11 has legacy qemu-kvm package, /usr/bin/qemu-kvm and
/usr/share/qemu-kvm need to be accessed by domains.
---
examples/apparmor/libvirt-qemu | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index 7aad391..a3043dd 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -59,6 +59,7 @@
# access to firmware's etc
/usr/share/kvm/** r,
/usr/share/qemu/** r,
+ /usr/share/qemu-kvm/** r,
/usr/share/bochs/** r,
/usr/share/openbios/** r,
/usr/share/openhackware/** r,
@@ -73,6 +74,7 @@
# the various binaries
/usr/bin/kvm rmix,
/usr/bin/qemu rmix,
+ /usr/bin/qemu-kvm rmix,
/usr/bin/qemu-system-arm rmix,
/usr/bin/qemu-system-cris rmix,
/usr/bin/qemu-system-i386 rmix,
@@ -118,12 +120,19 @@
/bin/dd rmix,
/bin/cat rmix,
+ # for restore
+ /bin/bash rmix,
+
# for usb access
/dev/bus/usb/ r,
/etc/udev/udev.conf r,
/sys/bus/ r,
/sys/class/ r,
+ # nscd pieces
+ /run/nscd/group r,
+ /run/nscd/passwd r,
+
/usr/{lib,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper,
# child profile for bridge helper process
profile qemu_bridge_helper {
--
2.1.4
More information about the libvir-list
mailing list