signal (receive) peer=libvirtd,
signal (receive) peer=/usr/sbin/libvirtd,
- /dev/net/tun rw,
/dev/kvm rw,
+ /dev/net/tun rw,
/dev/ptmx rw,
@{PROC}/*/status r,
# When qemu is signaled to terminate, it will read cmdline of signaling
/sys/bus/usb/devices/ r,
/sys/devices/**/usb[0-9]*/** r,
# libusb needs udev data about usb devices (~equal to content of lsusb -v)
+ /run/udev/data/+usb* r,
/run/udev/data/c16[6,7]* r,
/run/udev/data/c18[0,8,9]* r,
- /run/udev/data/+usb* r,
# WARNING: this gives the guest direct access to host hardware and specific
# portions of shared memory. This is required for sound using ALSA with kvm,
# but may constitute a security risk. If your environment does not require
# the use of sound in your VMs, feel free to comment out or prepend 'deny' to
# the rules for files in /dev.
+ /dev/snd/* rw,
/{dev,run}/shm r,
/{dev,run}/shmpulse-shm* r,
/{dev,run}/shmpulse-shm* rwk,
- /dev/snd/* rw,
capability ipc_lock,
# spice
owner /{dev,run}/shm/spice.* rw,
/var/lib/dbus/machine-id r,
# access to firmware's etc
- /usr/share/kvm/** r,
- /usr/share/qemu/** r,
- /usr/share/qemu-kvm/** r,
+ /usr/share/AAVMF/** r,
/usr/share/bochs/** r,
+ /usr/share/kvm/** r,
+ /usr/share/misc/sgabios.bin r,
/usr/share/openbios/** r,
/usr/share/openhackware/** r,
- /usr/share/proll/** r,
- /usr/share/vgabios/** r,
- /usr/share/seabios/** r,
- /usr/share/misc/sgabios.bin r,
- /usr/share/ovmf/** r,
/usr/share/OVMF/** r,
- /usr/share/AAVMF/** r,
+ /usr/share/ovmf/** r,
+ /usr/share/proll/** r,
/usr/share/qemu-efi/** r,
+ /usr/share/qemu-kvm/** r,
+ /usr/share/qemu/** r,
+ /usr/share/seabios/** r,
/usr/share/slof/** r,
+ /usr/share/vgabios/** r,
# pki for libvirt-vnc and libvirt-spice (LP: #901272, #1690140)
/etc/pki/CA/ r,
# the various binaries
/usr/bin/kvm rmix,
/usr/bin/qemu rmix,
+ /usr/bin/qemu-aarch64 rmix,
+ /usr/bin/qemu-alpha rmix,
+ /usr/bin/qemu-arm rmix,
+ /usr/bin/qemu-armeb rmix,
+ /usr/bin/qemu-cris rmix,
+ /usr/bin/qemu-i386 rmix,
/usr/bin/qemu-kvm rmix,
+ /usr/bin/qemu-m68k rmix,
+ /usr/bin/qemu-microblaze rmix,
+ /usr/bin/qemu-microblazeel rmix,
+ /usr/bin/qemu-mips rmix,
+ /usr/bin/qemu-mips64 rmix,
+ /usr/bin/qemu-mips64el rmix,
+ /usr/bin/qemu-mipsel rmix,
+ /usr/bin/qemu-mipsn32 rmix,
+ /usr/bin/qemu-mipsn32el rmix,
+ /usr/bin/qemu-or32 rmix,
+ /usr/bin/qemu-ppc rmix,
+ /usr/bin/qemu-ppc64 rmix,
+ /usr/bin/qemu-ppc64abi32 rmix,
+ /usr/bin/qemu-ppc64le rmix,
+ /usr/bin/qemu-s390x rmix,
+ /usr/bin/qemu-sh4 rmix,
+ /usr/bin/qemu-sh4eb rmix,
+ /usr/bin/qemu-sparc rmix,
+ /usr/bin/qemu-sparc32plus rmix,
+ /usr/bin/qemu-sparc64 rmix,
/usr/bin/qemu-system-aarch64 rmix,
/usr/bin/qemu-system-alpha rmix,
/usr/bin/qemu-system-arm rmix,
/usr/bin/qemu-system-x86_64 rmix,
/usr/bin/qemu-system-xtensa rmix,
/usr/bin/qemu-system-xtensaeb rmix,
- /usr/bin/qemu-aarch64 rmix,
- /usr/bin/qemu-alpha rmix,
- /usr/bin/qemu-arm rmix,
- /usr/bin/qemu-armeb rmix,
- /usr/bin/qemu-cris rmix,
- /usr/bin/qemu-i386 rmix,
- /usr/bin/qemu-m68k rmix,
- /usr/bin/qemu-microblaze rmix,
- /usr/bin/qemu-microblazeel rmix,
- /usr/bin/qemu-mips rmix,
- /usr/bin/qemu-mips64 rmix,
- /usr/bin/qemu-mips64el rmix,
- /usr/bin/qemu-mipsel rmix,
- /usr/bin/qemu-mipsn32 rmix,
- /usr/bin/qemu-mipsn32el rmix,
- /usr/bin/qemu-or32 rmix,
- /usr/bin/qemu-ppc rmix,
- /usr/bin/qemu-ppc64 rmix,
- /usr/bin/qemu-ppc64abi32 rmix,
- /usr/bin/qemu-ppc64le rmix,
- /usr/bin/qemu-s390x rmix,
- /usr/bin/qemu-sh4 rmix,
- /usr/bin/qemu-sh4eb rmix,
- /usr/bin/qemu-sparc rmix,
- /usr/bin/qemu-sparc32plus rmix,
- /usr/bin/qemu-sparc64 rmix,
/usr/bin/qemu-unicore32 rmix,
/usr/bin/qemu-x86_64 rmix,
# for Debian/Ubuntu qemu-block-extra / RPMs qemu-block-* (LP: #1554761)
projects / libvirt.git / commitdiff