apparmor: Make all profiles extensible

Do for all other profiles what we already do for the
virt-aa-helper one. In this case we limit the feature to AppArmor
3.x, as it was never implemented for 2.x.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>

diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
index edb8dd8e2679ba68a3345ab133500d84e67e9156..1601d73d479d89776be8e88279851a715d216dbd 100644 (file)
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
@@ -139,4 +139,8 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
 
    /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
   }
+
+@BEGIN_APPARMOR_3@
+  include if exists <local/usr.sbin.libvirtd>
+@END_APPARMOR_3@
 }

diff --git a/src/security/apparmor/usr.sbin.virtqemud.in b/src/security/apparmor/usr.sbin.virtqemud.in
index f269c608093fcc4a94569ae0a2d235c01c168493..6b9c5d32d924075ae03f263fe970a8fef795bca0 100644 (file)
--- a/src/security/apparmor/usr.sbin.virtqemud.in
+++ b/src/security/apparmor/usr.sbin.virtqemud.in
@@ -132,4 +132,8 @@ profile virtqemud @sbindir@/virtqemud flags=(attach_disconnected) {
 
    /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
   }
+
+@BEGIN_APPARMOR_3@
+  include if exists <local/usr.sbin.virtqemud>
+@END_APPARMOR_3@
 }

diff --git a/src/security/apparmor/usr.sbin.virtxend.in b/src/security/apparmor/usr.sbin.virtxend.in
index 72e0d801e5ada8954c56f5c16c98faf69121cbd6..78a11305f5e310a65eddfb830b03feaae591107b 100644 (file)
--- a/src/security/apparmor/usr.sbin.virtxend.in
+++ b/src/security/apparmor/usr.sbin.virtxend.in
@@ -52,4 +52,8 @@ profile virtxend @sbindir@/virtxend flags=(attach_disconnected) {
   @libexecdir@/libvirt_iohelper ix,
   /etc/libvirt/hooks/** rmix,
   /etc/xen/scripts/** rmix,
+
+@BEGIN_APPARMOR_3@
+  include if exists <local/usr.sbin.virtxend>
+@END_APPARMOR_3@
 }