virt-aa-helper: /etc/libvirt-sandbox/services isn't restricted

To get virt-sandbox-service working with AppArmor, virt-aa-helper
needs not to choke on path in /etc/libvirt-sandbox/services.

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 81f9f4063155630e07512ed483937a38c3547dc8..f273e09dacb23423c45b5e8e73ac164fb9c26df2 100644 (file)
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -571,7 +571,8 @@ valid_path(const char *path, const bool readonly)
     };
     /* override the above with these */
     const char * const override[] = {
-        "/sys/devices/pci"     /* for hostdev pci devices */
+        "/sys/devices/pci",    /* for hostdev pci devices */
+        "/etc/libvirt-sandbox/services/" /* for virt-sandbox service config */
     };
 
     if (path == NULL) {