[PATCH] apparmor: Allow /usr/libexec for libxl-save-helper and pygrub
Neal Gompa
ngompa13 at gmail.com
Wed Sep 23 17:56:04 UTC 2020
On Tue, Sep 22, 2020 at 6:35 PM Jim Fehlig <jfehlig at suse.com> wrote:
>
> Like other distros, openSUSE Tumbleweed recently changed libexecdir from
> /usr/lib to /usr/libexec. Add it as an allowed path for libxl-save-helper
> and pygrub.
>
> Signed-off-by: Jim Fehlig <jfehlig at suse.com>
> ---
>
> I considered including /usr/lib64, but I don't think any distros are
> installing xen libexecdir targets to /usr/lib64. Happy to include it
> if I'm wrong :-).
>
> src/security/apparmor/usr.sbin.libvirtd.in | 4 ++--
> 1 file changed, 2 insertions(+), 2 deletions(-)
>
> diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
> index f2030764cd..bf4563e1e8 100644
> --- a/src/security/apparmor/usr.sbin.libvirtd.in
> +++ b/src/security/apparmor/usr.sbin.libvirtd.in
> @@ -86,8 +86,8 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
> /{usr/,}lib/udev/scsi_id PUx,
> /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
> /usr/{lib,lib64}/xen/bin/* Ux,
> - /usr/lib/xen-*/bin/libxl-save-helper PUx,
> - /usr/lib/xen-*/bin/pygrub PUx,
> + /usr/{lib,libexec}/xen-*/bin/libxl-save-helper PUx,
> + /usr/{lib,libexec}/xen-*/bin/pygrub PUx,
> /usr/{lib,lib64,lib/qemu,libexec}/vhost-user-gpu PUx,
> /usr/{lib,lib64,lib/qemu,libexec}/virtiofsd PUx,
>
> --
> 2.28.0
>
Yay! Looks great to me!
Reviewed-by: Neal Gompa <ngompa13 at gmail.com>
--
真実はいつも一つ!/ Always, there's only one truth!
More information about the libvir-list
mailing list