]> xenbits.xensource.com Git - libvirt.git/commitdiff
projects / libvirt.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 84e01d1)
apparmor: Make abstractions extensible
authorAndrea Bolognani <abologna@redhat.com>
Thu, 29 Jun 2023 09:49:35 +0000 (11:49 +0200)
committerAndrea Bolognani <abologna@redhat.com>
Mon, 3 Jul 2023 12:55:39 +0000 (14:55 +0200)
Implement the standard AppArmor 3.x abstraction extension
approach.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
src/security/apparmor/libvirt-lxc.in patch | blob | blame | history
src/security/apparmor/libvirt-qemu.in patch | blob | blame | history

diff --git a/src/security/apparmor/libvirt-lxc.in b/src/security/apparmor/libvirt-lxc.in
index 0c8b8127438182b5a5e95811122e740b63495840..ffe4d8f21f210fc72ee7a6a0128012e1f4fe5d13 100644 (file)
--- a/src/security/apparmor/libvirt-lxc.in
+++ b/src/security/apparmor/libvirt-lxc.in
@@ -116,3 +116,7 @@
   deny /sys/fs/cgrou[^p]*{,/**} wklx,
   deny /sys/fs/cgroup?*{,/**} wklx,
   deny /sys/fs?*{,/**} wklx,
+
+@BEGIN_APPARMOR_3@
+  include if exists <abstractions/libvirt-lxc.d>
+@END_APPARMOR_3@
diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in
index 1548cf23bfc4196707e00c9e4e706e915dce7a21..53f45c3a2867ccb3a5f9eeb31233fcbe9d91689e 100644 (file)
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -271,3 +271,7 @@
   # required for QEMU accessing UEFI nvram variables
   owner /var/lib/libvirt/qemu/nvram/*_VARS.fd rwk,
   owner /var/lib/libvirt/qemu/nvram/*_VARS.ms.fd rwk,
+
+@BEGIN_APPARMOR_3@
+  include if exists <abstractions/libvirt-qemu.d>
+@END_APPARMOR_3@
Unnamed repository; edit this file 'description' to name the repository.