[libvirt PATCH 5/8] apparmor: Make abstractions extensible
Andrea Bolognani
abologna at redhat.com
Thu Jun 29 13:14:54 UTC 2023
Implement the standard AppArmor 3.x abstraction extension
approach.
Signed-off-by: Andrea Bolognani <abologna at redhat.com>
---
src/security/apparmor/libvirt-lxc.in | 4 ++++
src/security/apparmor/libvirt-qemu.in | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/src/security/apparmor/libvirt-lxc.in b/src/security/apparmor/libvirt-lxc.in
index 0c8b812743..ffe4d8f21f 100644
--- a/src/security/apparmor/libvirt-lxc.in
+++ b/src/security/apparmor/libvirt-lxc.in
@@ -116,3 +116,7 @@
deny /sys/fs/cgrou[^p]*{,/**} wklx,
deny /sys/fs/cgroup?*{,/**} wklx,
deny /sys/fs?*{,/**} wklx,
+
+ at BEGIN_APPARMOR_3@
+ include if exists <abstractions/libvirt-lxc.d>
+ at END_APPARMOR_3@
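Review bot: The include added at the end of libvirt-lxc.in sits directly below the three `deny /sys/fs...` rules with no comment saying what an administrator can and cannot achieve through `abstractions/libvirt-lxc.d`. AppArmor deny rules take precedence over allow rules regardless of where they appear, so a drop-in file in that directory cannot re-grant `wklx` access to the paths denied just above. Please add a short comment before the include stating that local additions belong in that directory and that the denies in this file still apply.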
diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in
index 1548cf23bf..53f45c3a28 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -271,3 +271,7 @@
# required for QEMU accessing UEFI nvram variables
owner /var/lib/libvirt/qemu/nvram/*_VARS.fd rwk,
owner /var/lib/libvirt/qemu/nvram/*_VARS.ms.fd rwk,
+
+ at BEGIN_APPARMOR_3@
+ include if exists <abstractions/libvirt-qemu.d>
+ at END_APPARMOR_3@
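Review bot: The include added at the end of libvirt-qemu.in follows the `# required for QEMU accessing UEFI nvram variables` block, separated only by a blank line and with no comment of its own, so it reads as if it belonged to the nvram rules. A one-line comment above `include if exists <abstractions/libvirt-qemu.d>` saying it is the hook for site-specific rules would fix that. The diffstat also shows only the two .in files changing, so nothing in this patch creates or documents the directory; `if exists` keeps that harmless, but the commit message or the docs should say that anything placed there is pulled into every profile that includes this abstraction, and should therefore be writable by root only.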
--
2.41.0