diff --git a/install-apparmor-profiles.patch b/install-apparmor-profiles.patch new file mode 100644 index 0000000..b5b474e --- /dev/null +++ b/install-apparmor-profiles.patch @@ -0,0 +1,18 @@ +Index: libvirt-0.9.3/examples/apparmor/Makefile.am +=================================================================== +--- libvirt-0.9.3.orig/examples/apparmor/Makefile.am ++++ libvirt-0.9.3/examples/apparmor/Makefile.am +@@ -3,3 +3,12 @@ EXTRA_DIST= \ + libvirt-qemu \ + usr.lib.libvirt.virt-aa-helper \ + usr.sbin.libvirtd ++ ++if WITH_SECDRIVER_APPARMOR ++confdir = $(sysconfdir)/apparmor.d/libvirt ++conf_DATA= \ ++ TEMPLATE \ ++ libvirt-qemu \ ++ usr.lib.libvirt.virt-aa-helper \ ++ usr.sbin.libvirtd ++endif +\ No newline at end of file diff --git a/libvirt.changes b/libvirt.changes index ddb699a..8af59d4 100644 --- a/libvirt.changes +++ b/libvirt.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Mon Aug 8 15:21:42 MDT 2011 - jfehlig@suse.com + +- Enable apparmor security dirver, SLES bnc#705668 + install-apparmor-profiles.patch + ------------------------------------------------------------------- Thu Aug 4 11:07:32 MDT 2011 - jfehlig@suse.com diff --git a/libvirt.spec b/libvirt.spec index d5d1eed..0d3cc31 100644 --- a/libvirt.spec +++ b/libvirt.spec @@ -58,7 +58,7 @@ %define with_storage_mpath 0%{!?_without_storage_mpath:%{server_drivers}} %define with_numactl 0%{!?_without_numactl:%{server_drivers}} %define with_selinux 0%{!?_without_selinux:%{server_drivers}} -%define with_apparmor 0%{!?_without_apparmor:0} +%define with_apparmor 0%{!?_without_apparmor:%{server_drivers}} # A few optional bits off by default, we enable later %define with_polkit 0%{!?_without_polkit:0} 
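Review bot: All four files in the added `conf_DATA` list are installed into `$(sysconfdir)/apparmor.d/libvirt`, but only `TEMPLATE` looks like it belongs there. `usr.sbin.libvirtd` and `usr.lib.libvirt.virt-aa-helper` are named like top-level profiles, which are normally loaded from `apparmor.d` itself. In the subdirectory they would probably not be loaded, leaving both binaries unconfined although the driver is built. `libvirt-qemu` looks like an abstraction that a profile would include from `apparmor.d/abstractions`. I would split the install by destination as below, with matching paths in the `%files` hunk of libvirt.spec, and end the patch with a newline after `endif`.

```make
if WITH_SECDRIVER_APPARMOR
apparmordir = $(sysconfdir)/apparmor.d
apparmor_DATA = \
	usr.lib.libvirt.virt-aa-helper \
	usr.sbin.libvirtd

abstractionsdir = $(apparmordir)/abstractions
abstractions_DATA = libvirt-qemu

templatesdir = $(apparmordir)/libvirt
templates_DATA = TEMPLATE
endif
```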
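Review bot: Switching the `with_apparmor` default to `%{server_drivers}` is the only build-side change visible in this diff. No `BuildRequires` for the AppArmor development library and no explicit `--with-apparmor` configure argument appear in any hunk. If neither exists elsewhere in the spec under `%if %{with_apparmor}`, configure may auto-detect the library and skip the driver. The build would then fail only at `%files`, on the missing `virt-aa-helper`. The following comment `# A few optional bits off by default, we enable later` still reads as if it covered this line; a short comment such as `# AppArmor driver follows server_drivers (bnc#705668)` above the define would record the intent.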
@@ -368,6 +368,9 @@ Patch103: xend-disk-order.patch # Our patches Patch200: libvirtd-defaults.patch Patch201: use-init-script-redhat.patch +%if %{with_apparmor} +Patch202: install-apparmor-profiles.patch +%endif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description @@ -453,7 +456,6 @@ Authors: Karel Zak %if %{with_python} - %package python License: LGPLv2.1+ Summary: A C toolkit to interract with the virtualization capabilities of Linux @@ -482,6 +484,9 @@ Authors: %patch103 -p1 %patch200 -p1 %patch201 -p1 +%if %{with_apparmor} +%patch202 -p1 +%endif %build %if ! %{with_xen} @@ -748,7 +753,6 @@ fi %postun client -p /sbin/ldconfig %if %{with_libvirtd} - %files %defattr(-, root, root) %{_sbindir}/libvirtd @@ -812,6 +816,15 @@ fi %attr(0755, root, root) %{_libdir}/%{name}/libvirt_iohelper %doc %{_mandir}/man8/libvirtd.8* %endif +%if %{with_apparmor} +%dir %{_sysconfdir}/apparmor.d +%dir %{_sysconfdir}/apparmor.d/libvirt +%config(noreplace) %{_sysconfdir}/apparmor.d/libvirt/TEMPLATE +%config(noreplace) %{_sysconfdir}/apparmor.d/libvirt/libvirt-qemu +%config(noreplace) %{_sysconfdir}/apparmor.d/libvirt/usr.lib.libvirt.virt-aa-helper +%config(noreplace) %{_sysconfdir}/apparmor.d/libvirt/usr.sbin.libvirtd +%{_libdir}/%{name}/virt-aa-helper +%endif %config %{_fwdefdir}/libvirtd-relocation-server %files client -f %{name}.lang @@ -868,7 +881,6 @@ fi %doc %{_docdir}/%{name}/html %if %{with_python} - %files python %defattr(-, root, root) %doc %{_docdir}/%{name}-python
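Review bot: The `Patch202:` tag should not sit inside `%if %{with_apparmor}`. A source package built with the macro off would omit install-apparmor-profiles.patch and could not be rebuilt with AppArmor enabled. Declare `Patch202: install-apparmor-profiles.patch` unconditionally and keep the condition, if one is wanted at all, only around `%patch202 -p1` in `%prep`. The patch body is already guarded by `if WITH_SECDRIVER_APPARMOR`, so applying it unconditionally should be harmless.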
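Review bot: `%patch202 -p1` edits examples/apparmor/Makefile.am, which has no effect unless Makefile.in is regenerated before configure runs. The hunk ends at the start of `%build` and its commands are outside the hunk, so confirm that an `autoreconf -f -i` or equivalent runs there. Without it the new `conf_DATA` install never happens and the profile entries added to `%files` will be missing from the buildroot. A comment above the line, e.g. `# modifies Makefile.am; needs autoreconf in %build`, would document the dependency.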
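Review bot: `%{_libdir}/%{name}/virt-aa-helper` expands to a lib64 path on 64-bit builds, while the profile file name `usr.lib.libvirt.virt-aa-helper` suggests the shipped profile attaches to /usr/lib/libvirt/virt-aa-helper. If the profile's path is not adjusted elsewhere, the helper that generates per-guest profiles would run unconfined on those systems. Check the attachment after install, for example with `aa-status`. The line also lacks the explicit mode used for libvirt_iohelper just above; `%attr(0755, root, root) %{_libdir}/%{name}/virt-aa-helper` would match it. `%dir %{_sysconfdir}/apparmor.d` claims a directory normally owned by the AppArmor packages, which deserves a comment if it is intentional.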