apparmor, libvirtd: Allow ixr to /var/lib/libvirt/virtd*

author Jamie Strandboge <jamie@ubuntu.com>

Tue, 19 Dec 2017 15:03:43 +0000 (16:03 +0100)

committer Cédric Bosdonnat <cbosdonnat@suse.com>

Tue, 9 Jan 2018 09:08:22 +0000 (10:08 +0100)
author Jamie Strandboge <jamie@ubuntu.com>
Tue, 19 Dec 2017 15:03:43 +0000 (16:03 +0100)
committer Cédric Bosdonnat <cbosdonnat@suse.com>
Tue, 9 Jan 2018 09:08:22 +0000 (10:08 +0100)
diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd

index febe8a407535913c2399d54b9c1e13279cd18fac..a1083b041009ea437323699f977cc92b0d345191 100644 (file)
--- a/examples/apparmor/usr.sbin.libvirtd
+++ b/examples/apparmor/usr.sbin.libvirtd
@@ -79,6 +79,10 @@
    /usr/{lib,lib64}/xen/bin/* Ux,
    /usr/lib/xen-*/bin/libxl-save-helper PUx,
  
+  # Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to
+  # read and run an ebtables script.
+  /var/lib/libvirt/virtd* ixr,
+
    # force the use of virt-aa-helper
    audit deny /{usr/,}sbin/apparmor_parser rwxl,
    audit deny /etc/apparmor.d/libvirt/** wxl,
author	Jamie Strandboge <jamie@ubuntu.com>
	Tue, 19 Dec 2017 15:03:43 +0000 (16:03 +0100)
committer	Cédric Bosdonnat <cbosdonnat@suse.com>
	Tue, 9 Jan 2018 09:08:22 +0000 (10:08 +0100)