From: Jamie Strandboge <jamie@ubuntu.com>
Date: Wed, 20 Dec 2017 07:41:08 +0000 (+0100)
Subject: apparmor, libvirt-qemu: Allow qemu-block-extra libraries
X-Git-Tag: v4.0.0-rc1~45
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=aa889e412d31d9f8b255d304d9ab7bec9237abed;p=thirdparty%2Flibvirt.git

apparmor, libvirt-qemu: Allow qemu-block-extra libraries

Allows (multi-arch enabled) access to libraries under the
/usr/lib/@{multiarch}/qemu/*.so path in the Debian/Ubuntu
qemu-block-extra package and all such libs for the paths
of rpm qemu-block-* packages.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1554761

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
---

diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index 651d841f19..e10160a1b8 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -152,8 +152,9 @@
   /usr/bin/qemu-sparc64 rmix,
   /usr/bin/qemu-unicore32 rmix,
   /usr/bin/qemu-x86_64 rmix,
-  /usr/{lib,lib64}/qemu/block-curl.so mr,
-  /usr/{lib,lib64}/qemu/block-rbd.so mr,
+  # for Debian/Ubuntu qemu-block-extra / RPMs qemu-block-* (LP: #1554761)
+  /usr/{lib,lib64}/qemu/*.so mr,
+  /usr/lib/@{multiarch}/qemu/*.so mr,
 
   # for use by libvirt-vnc (LP: #901272)
   /etc/pki/CA/ r,