apparmor: convert libvirtd profile to a named profile

author Jim Fehlig <jfehlig@suse.com>

Sat, 12 Jan 2019 00:59:59 +0000 (17:59 -0700)

committer Jim Fehlig <jfehlig@suse.com>

Wed, 23 Jan 2019 18:10:15 +0000 (11:10 -0700)
author Jim Fehlig <jfehlig@suse.com>
Sat, 12 Jan 2019 00:59:59 +0000 (17:59 -0700)
committer Jim Fehlig <jfehlig@suse.com>
Wed, 23 Jan 2019 18:10:15 +0000 (11:10 -0700)
diff --git a/src/security/apparmor/usr.sbin.libvirtd b/src/security/apparmor/usr.sbin.libvirtd

index 0db52c524cff8e67c325ce605c03a336c6f49412..29f9936ad9128657f8df9cf09eba9fcd56561768 100644 (file)
--- a/src/security/apparmor/usr.sbin.libvirtd
+++ b/src/security/apparmor/usr.sbin.libvirtd
@@ -2,7 +2,7 @@
  #include <tunables/global>
  @{LIBVIRT}="libvirt"
  
-/usr/sbin/libvirtd flags=(attach_disconnected) {
+profile libvirtd /usr/sbin/libvirtd flags=(attach_disconnected) {
    #include <abstractions/base>
    #include <abstractions/dbus>
  
@@ -51,7 +51,7 @@
    unix (send, receive) type=stream addr=none peer=(label=unconfined addr=none),
  
    ptrace (read,trace) peer=unconfined,
-  ptrace (read,trace) peer=/usr/sbin/libvirtd,
+  ptrace (read,trace) peer=@{profile_name},
    ptrace (read,trace) peer=dnsmasq,
    ptrace (read,trace) peer=/usr/sbin/dnsmasq,
    ptrace (read,trace) peer=libvirt-*,
@@ -123,6 +123,7 @@
     # For communication/control from libvirtd
     unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd),
     signal (receive) set=("term") peer=/usr/sbin/libvirtd,
+   signal (receive) set=("term") peer=libvirtd,
  
     /dev/net/tun rw,
     /etc/qemu/** r,
author	Jim Fehlig <jfehlig@suse.com>
	Sat, 12 Jan 2019 00:59:59 +0000 (17:59 -0700)
committer	Jim Fehlig <jfehlig@suse.com>
	Wed, 23 Jan 2019 18:10:15 +0000 (11:10 -0700)