[libvirt] [PATCH 1/2] Teach AppArmor, that /usr/lib64 may exist.
Cedric Bosdonnat
cbosdonnat at suse.com
Mon Jan 5 09:47:08 UTC 2015
On Sun, 2015-01-04 at 10:00 -0600, Jamie Strandboge wrote:
> On 12/30/2014 04:33 AM, Cédric Bosdonnat wrote:
> > The apparmor profiles forgot about /usr/lib64 folders, just add lib64
> > as a possible alternative to lib in the paths
>
> These changes all look good to me. +1
Pushed, then.
Thanks for the review.
> > ---
> > examples/apparmor/libvirt-qemu | 2 +-
> > examples/apparmor/usr.lib.libvirt.virt-aa-helper | 4 ++--
> > examples/apparmor/usr.sbin.libvirtd | 4 ++--
> > 3 files changed, 5 insertions(+), 5 deletions(-)
> >
> > diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
> > index c6de6dd..7aad391 100644
> > --- a/examples/apparmor/libvirt-qemu
> > +++ b/examples/apparmor/libvirt-qemu
> > @@ -111,7 +111,7 @@
> > /usr/bin/qemu-sparc32plus rmix,
> > /usr/bin/qemu-sparc64 rmix,
> > /usr/bin/qemu-x86_64 rmix,
> > - /usr/lib/qemu/block-curl.so mr,
> > + /usr/{lib,lib64}/qemu/block-curl.so mr,
> >
> > # for save and resume
> > /bin/dash rmix,
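Review bot: In `/usr/{lib,lib64}/qemu/block-curl.so mr,` the alternation could be written as `/usr/lib{,64}/qemu/block-curl.so mr,`, the form AppArmor's own abstractions use for lib directories. It is shorter and extends naturally if another lib variant ever needs adding. The same applies to the other rules this patch touches.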
> > diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> > index bceaaff..b34fb35 100644
> > --- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> > +++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> > @@ -1,7 +1,7 @@
> > # Last Modified: Mon Apr 5 15:10:27 2010
> > #include <tunables/global>
> >
> > -/usr/lib/libvirt/virt-aa-helper {
> > +profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
> > #include <abstractions/base>
> >
> > # needed for searching directories
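Review bot: The new header `profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {` also renames the profile from its path to `virt-aa-helper`, which the commit message does not mention; it only talks about adding lib64. Please state the rename in the commit message, since the profile name is what appears in audit logs and status output, and anything that matched on the old path-based name will no longer find it. The file is still called usr.lib.libvirt.virt-aa-helper, so a short comment above the header explaining the name and the attachment would help as well.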
> > @@ -20,7 +20,7 @@
> > /sys/devices/ r,
> > /sys/devices/** r,
> >
> > - /usr/lib/libvirt/virt-aa-helper mr,
> > + /usr/{lib,lib64}/libvirt/virt-aa-helper mr,
> > /sbin/apparmor_parser Ux,
> >
> > /etc/apparmor.d/libvirt/* r,
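Review bot: The self-map rule `/usr/{lib,lib64}/libvirt/virt-aa-helper mr,` now has to be kept in step by hand with the attachment in the profile header of the same file. Declaring the two directories once in a variable at the top of the file and using it in both places would prevent one being updated without the other.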
> > diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
> > index 3011eff..7151052 100644
> > --- a/examples/apparmor/usr.sbin.libvirtd
> > +++ b/examples/apparmor/usr.sbin.libvirtd
> > @@ -44,7 +44,7 @@
> > /usr/bin/* PUx,
> > /usr/sbin/* PUx,
> > /lib/udev/scsi_id PUx,
> > - /usr/lib/xen-common/bin/xen-toolstack PUx,
> > + /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
> >
> > # force the use of virt-aa-helper
> > audit deny /sbin/apparmor_parser rwxl,
> > @@ -53,7 +53,7 @@
> > audit deny /sys/kernel/security/apparmor/matching rwxl,
> > audit deny /sys/kernel/security/apparmor/.* rwxl,
> > /sys/kernel/security/apparmor/profiles r,
> > - /usr/lib/libvirt/* PUxr,
> > + /usr/{lib,lib64}/libvirt/* PUxr,
> > /etc/libvirt/hooks/** rmix,
> > /etc/xen/scripts/** rmix,
> >
> >
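Review bot: `/usr/{lib,lib64}/libvirt/* PUxr,` extends a wildcard PUx rule to a second directory, so any binary under /usr/lib64/libvirt/ that has no profile of its own will run unconfined when started by libvirtd. That matches what the rule already did for /usr/lib, but a comment above the rule stating that the unconfined fallback is intended for both trees would make the profile easier to audit.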