From: Jeff Mahoney <jeffm@suse.com>
Subject: profiles: Add libvirt pid support to dnsmasq profile
References: bnc#666090

 libvirt starts up dnsmasq with its pid file in 

Signed-off-by: Jeff Mahoney <jeffm@suse.com>
---

 profiles/apparmor.d/usr.sbin.dnsmasq |    6 ++++++
 1 file changed, 6 insertions(+)

--- a/profiles/apparmor.d/usr.sbin.dnsmasq
+++ b/profiles/apparmor.d/usr.sbin.dnsmasq
@@ -8,6 +8,9 @@
   capability setgid,
   capability setuid,
   capability dac_override,
+  capability net_admin,		# for DHCP server
+  capability net_raw,		# for DHCP server ping checks
+  network inet raw,
 
   /etc/dnsmasq.conf r,
   /etc/dnsmasq.d/ r,
@@ -19,5 +22,8 @@
   /var/run/dnsmasq/ r,
   /var/run/dnsmasq/* rw,
 
+  /var/run/libvirt/network/ r, # Required when called by libvirt
+  /var/run/libvirt/network/*.pid rw, # Required when called by libvirt
+
   /var/lib/misc/dnsmasq.leases rw, # Required only for DHCP server usage
 }