apparmor: Allow more paths for qemu-bridge-helper

author Andrea Bolognani <abologna@redhat.com>

Mon, 5 Aug 2024 14:21:31 +0000 (16:21 +0200)

committer Andrea Bolognani <abologna@redhat.com>

Wed, 7 Aug 2024 11:03:20 +0000 (13:03 +0200)
author Andrea Bolognani <abologna@redhat.com>
Mon, 5 Aug 2024 14:21:31 +0000 (16:21 +0200)
committer Andrea Bolognani <abologna@redhat.com>
Wed, 7 Aug 2024 11:03:20 +0000 (13:03 +0200)
diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in

index 47292d6c64bf782ea0a18bc49c079255362c03e6..70e586895f8b1c035688e5ade8ef11277c45555c 100644 (file)
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
@@ -117,7 +117,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
    # allow changing to our UUID-based named profiles
    change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
  
-  /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper,
+  /usr/{lib,lib64,lib/qemu,libexec,libexec/qemu}/qemu-bridge-helper Cx -> qemu_bridge_helper,
    # child profile for bridge helper process
    profile qemu_bridge_helper {
     #include <abstractions/base>
@@ -138,7 +138,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
     /etc/qemu/** r,
     owner @{PROC}/*/status r,
  
-   /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
+   /usr/{lib,lib64,lib/qemu,libexec,libexec/qemu}/qemu-bridge-helper rmix,
    }
  
  @BEGIN_APPARMOR_3@
diff --git a/src/security/apparmor/usr.sbin.virtqemud.in b/src/security/apparmor/usr.sbin.virtqemud.in

index bbc65131464a3a5f38dafa97115265a52c55b727..42fa4813da65199ed29cffbed66ff48a77fdb353 100644 (file)
--- a/src/security/apparmor/usr.sbin.virtqemud.in
+++ b/src/security/apparmor/usr.sbin.virtqemud.in
@@ -111,7 +111,7 @@ profile virtqemud @sbindir@/virtqemud flags=(attach_disconnected) {
    # allow changing to our UUID-based named profiles
    change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
  
-  /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper,
+  /usr/{lib,lib64,lib/qemu,libexec,libexec/qemu}/qemu-bridge-helper Cx -> qemu_bridge_helper,
    # child profile for bridge helper process
    profile qemu_bridge_helper {
     #include <abstractions/base>
@@ -131,7 +131,7 @@ profile virtqemud @sbindir@/virtqemud flags=(attach_disconnected) {
     /etc/qemu/** r,
     owner @{PROC}/*/status r,
  
-   /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
+   /usr/{lib,lib64,lib/qemu,libexec,libexec/qemu}/qemu-bridge-helper rmix,
    }
  
  @BEGIN_APPARMOR_3@
author	Andrea Bolognani <abologna@redhat.com>
	Mon, 5 Aug 2024 14:21:31 +0000 (16:21 +0200)
committer	Andrea Bolognani <abologna@redhat.com>
	Wed, 7 Aug 2024 11:03:20 +0000 (13:03 +0200)
src/security/apparmor/usr.sbin.libvirtd.in		patch \| blob \| blame \| history
src/security/apparmor/usr.sbin.virtqemud.in		patch \| blob \| blame \| history