[PATCH] apparmor: Allow /usr/libexec for libxl-save-helper and pygrub

Christian Ehrhardt christian.ehrhardt at canonical.com
Wed Sep 23 13:26:00 UTC 2020


On Wed, Sep 23, 2020 at 12:35 AM Jim Fehlig <jfehlig at suse.com> wrote:
>
> Like other distros, openSUSE Tumbleweed recently changed libexecdir from
> /usr/lib to /usr/libexec. Add it as an allowed path for libxl-save-helper
> and pygrub.

Hi Jim,
Ack to the intention, but I think since [1] this should use @libexecdir@.
Or did anything change that this doesn't apply anymore ... in that
case I beg your pardon.

[1]: https://libvirt.org/git/?p=libvirt.git;a=commit;h=5c8bd31c881e99261ac098e867a79b300440731a

> Signed-off-by: Jim Fehlig <jfehlig at suse.com>
> ---
>
> I considered including /usr/lib64, but I don't think any distros are
> installing xen libexecdir targets to /usr/lib64. Happy to include it
> if I'm wrong :-).
>
>  src/security/apparmor/usr.sbin.libvirtd.in | 4 ++--
>  1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
> index f2030764cd..bf4563e1e8 100644
> --- a/src/security/apparmor/usr.sbin.libvirtd.in
> +++ b/src/security/apparmor/usr.sbin.libvirtd.in
> @@ -86,8 +86,8 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
>    /{usr/,}lib/udev/scsi_id PUx,
>    /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
>    /usr/{lib,lib64}/xen/bin/* Ux,
> -  /usr/lib/xen-*/bin/libxl-save-helper PUx,
> -  /usr/lib/xen-*/bin/pygrub PUx,
> +  /usr/{lib,libexec}/xen-*/bin/libxl-save-helper PUx,
> +  /usr/{lib,libexec}/xen-*/bin/pygrub PUx,
>    /usr/{lib,lib64,lib/qemu,libexec}/vhost-user-gpu PUx,
>    /usr/{lib,lib64,lib/qemu,libexec}/virtiofsd PUx,
>
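Review bot: The two added rules for libxl-save-helper and pygrub hard-code /usr/{lib,libexec} in a .in template whose profile line already uses a build-time substitution (@sbindir@/libvirtd), so the rule will need another edit the next time a distro moves libexecdir. Consider a substituted form such as @libexecdir@/xen-*/bin/libxl-save-helper PUx, provided the build substitutes that variable in this file, and keep the literal /usr/lib alternative only if installs under a different prefix must still match. Both rules are PUx, so each extra directory in the alternation is another location from which a binary matching xen-*/bin/... runs unconfined when it has no profile of its own; the set is best limited to the directories the Xen packages actually install to. The neighbouring vhost-user-gpu and virtiofsd rules also list lib64, so a short comment in the profile saying why lib64 is left out here would help the next reader.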
> --
> 2.28.0
>
>


-- 
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd
