apparmor: QEMU bridge helper policy updates

author Richa Marwaha <rmarwah@linux.vnet.ibm.com>

Fri, 3 Aug 2012 20:33:07 +0000 (16:33 -0400)

committer Michal Privoznik <mprivozn@redhat.com>

Mon, 6 Aug 2012 14:56:59 +0000 (16:56 +0200)
author Richa Marwaha <rmarwah@linux.vnet.ibm.com>
Fri, 3 Aug 2012 20:33:07 +0000 (16:33 -0400)
committer Michal Privoznik <mprivozn@redhat.com>
Mon, 6 Aug 2012 14:56:59 +0000 (16:56 +0200)
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu

index 10cdd36b5ff45f025b67826c757774d079b0bc1f..766a334e2750190f791191e5504b1c2cf90a17b3 100644 (file)
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -1,4 +1,4 @@
-# Last Modified: Mon Apr  5 15:11:27 2010
+# Last Modified: Fri Mar 9 14:43:22 2012
  
    #include <abstractions/base>
    #include <abstractions/consoles>
@@ -108,3 +108,22 @@
    /bin/dash rmix,
    /bin/dd rmix,
    /bin/cat rmix,
+
+  /usr/libexec/qemu-bridge-helper Cx,
+  # child profile for bridge helper process
+  profile /usr/libexec/qemu-bridge-helper {
+   #include <abstractions/base>
+
+   capability setuid,
+   capability setgid,
+   capability setpcap,
+   capability net_admin,
+
+   network inet stream,
+
+   /dev/net/tun rw,
+   /etc/qemu/** r,
+   owner @{PROC}/*/status r,
+
+   /usr/libexec/qemu-bridge-helper rmix,
+  }
author	Richa Marwaha <rmarwah@linux.vnet.ibm.com>
	Fri, 3 Aug 2012 20:33:07 +0000 (16:33 -0400)
committer	Michal Privoznik <mprivozn@redhat.com>
	Mon, 6 Aug 2012 14:56:59 +0000 (16:56 +0200)