libvirt/4ec3cf9a-apparmor-rules.patch

commit 4ec3cf9a0fc3d76058ea363a6c35df19e67e6261
Author: Jim Fehlig <jfehlig@suse.com>
Date:   Fri Mar 1 15:05:36 2019 -0700

    apparmor: Add ptrace and signal rules for named profile
    
    Commit a3ab6d42 changed the libvirtd profile to a named profile
    but neglected to accommodate the change in the qemu profile
    ptrace and signal rules. As a result, libvirtd is unable to
    signal confined qemu processes and hence unable to shutdown
    or destroy VMs.
    
    Add ptrace and signal rules that reference the libvirtd profile
    by name in addition to full binary path.
    
    Signed-off-by: Jim Fehlig <jfehlig@suse.com>
    Acked-by: Jamie Strandboge <jamie@canonical.com>

Index: libvirt-5.1.0/src/security/apparmor/libvirt-qemu
===================================================================
--- libvirt-5.1.0.orig/src/security/apparmor/libvirt-qemu
+++ libvirt-5.1.0/src/security/apparmor/libvirt-qemu
@@ -16,8 +16,10 @@
   network inet stream,
   network inet6 stream,
 
+  ptrace (readby, tracedby) peer=libvirtd,
   ptrace (readby, tracedby) peer=/usr/sbin/libvirtd,
 
+  signal (receive) peer=libvirtd,
   signal (receive) peer=/usr/sbin/libvirtd,
 
   /dev/net/tun rw,