apparmor: allow /usr/lib/qemu/qemu-bridge-helper

This is where e.g. Debian puts it.

diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
index 8893e75fe97c674c2cbbc6d0130d5d1a5bb45fc2..353b039accc1a482a144efefd4e4b3cc5ab17539 100644 (file)
--- a/examples/apparmor/usr.sbin.libvirtd
+++ b/examples/apparmor/usr.sbin.libvirtd
@@ -67,7 +67,7 @@
   # allow changing to our UUID-based named profiles
   change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
 
-  /usr/{lib,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper,
+  /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper,
   # child profile for bridge helper process
   profile qemu_bridge_helper {
    #include <abstractions/base>
@@ -83,6 +83,6 @@
    /etc/qemu/** r,
    owner @{PROC}/*/status r,
 
-   /usr/{lib,libexec}/qemu-bridge-helper rmix,
+   /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
   }
 }