forked from pool/libvirt
944b1122db
- Replaced hard to maintain install-apparmor-profiles.patch by upstreamed 30c6aecc-apparmor-lib64.patch. - Reformatted libvirt.spec and libvirtd.init to pass upstream make syntax-check OBS-URL: https://build.opensuse.org/request/show/279988 OBS-URL: https://build.opensuse.org/package/show/Virtualization/libvirt?expand=0&rev=432
74 lines
2.4 KiB
Diff
74 lines
2.4 KiB
Diff
From 30c6aecc449202e930249215c6514d6c13a46c83 Mon Sep 17 00:00:00 2001
|
|
From: Cedric Bosdonnat <cbosdonnat@suse.com>
|
|
Date: Mon, 15 Dec 2014 15:14:48 +0100
|
|
Subject: [PATCH] Teach AppArmor, that /usr/lib64 may exist.
|
|
|
|
The apparmor profiles forgot about /usr/lib64 folders, just add lib64
|
|
as a possible alternative to lib in the paths
|
|
---
|
|
examples/apparmor/libvirt-qemu | 2 +-
|
|
examples/apparmor/usr.lib.libvirt.virt-aa-helper | 4 ++--
|
|
examples/apparmor/usr.sbin.libvirtd | 4 ++--
|
|
3 files changed, 5 insertions(+), 5 deletions(-)
|
|
|
|
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
|
|
index c6de6dd..7aad391 100644
|
|
--- a/examples/apparmor/libvirt-qemu
|
|
+++ b/examples/apparmor/libvirt-qemu
|
|
@@ -111,7 +111,7 @@
|
|
/usr/bin/qemu-sparc32plus rmix,
|
|
/usr/bin/qemu-sparc64 rmix,
|
|
/usr/bin/qemu-x86_64 rmix,
|
|
- /usr/lib/qemu/block-curl.so mr,
|
|
+ /usr/{lib,lib64}/qemu/block-curl.so mr,
|
|
|
|
# for save and resume
|
|
/bin/dash rmix,
|
|
diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
|
|
index bceaaff..b34fb35 100644
|
|
--- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
|
|
+++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
|
|
@@ -1,7 +1,7 @@
|
|
# Last Modified: Mon Apr 5 15:10:27 2010
|
|
#include <tunables/global>
|
|
|
|
-/usr/lib/libvirt/virt-aa-helper {
|
|
+profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
|
|
#include <abstractions/base>
|
|
|
|
# needed for searching directories
|
|
@@ -20,7 +20,7 @@
|
|
/sys/devices/ r,
|
|
/sys/devices/** r,
|
|
|
|
- /usr/lib/libvirt/virt-aa-helper mr,
|
|
+ /usr/{lib,lib64}/libvirt/virt-aa-helper mr,
|
|
/sbin/apparmor_parser Ux,
|
|
|
|
/etc/apparmor.d/libvirt/* r,
|
|
diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
|
|
index 3011eff..7151052 100644
|
|
--- a/examples/apparmor/usr.sbin.libvirtd
|
|
+++ b/examples/apparmor/usr.sbin.libvirtd
|
|
@@ -44,7 +44,7 @@
|
|
/usr/bin/* PUx,
|
|
/usr/sbin/* PUx,
|
|
/lib/udev/scsi_id PUx,
|
|
- /usr/lib/xen-common/bin/xen-toolstack PUx,
|
|
+ /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
|
|
|
|
# force the use of virt-aa-helper
|
|
audit deny /sbin/apparmor_parser rwxl,
|
|
@@ -53,7 +53,7 @@
|
|
audit deny /sys/kernel/security/apparmor/matching rwxl,
|
|
audit deny /sys/kernel/security/apparmor/.* rwxl,
|
|
/sys/kernel/security/apparmor/profiles r,
|
|
- /usr/lib/libvirt/* PUxr,
|
|
+ /usr/{lib,lib64}/libvirt/* PUxr,
|
|
/etc/libvirt/hooks/** rmix,
|
|
/etc/xen/scripts/** rmix,
|
|
|
|
--
|
|
2.1.2
|
|
|