Allow unmounting some things libvirt mounted

Signed-off-by: Danny Sauer <github@dannysauer.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>

diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
index 1601d73d479d89776be8e88279851a715d216dbd..47292d6c64bf782ea0a18bc49c079255362c03e6 100644 (file)
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
@@ -42,6 +42,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
   mount options=(rw, move) /dev/** -> /{,var/}run/libvirt/qemu/*{,/},
   mount options=(rw, move) /{,var/}run/libvirt/qemu/*.dev/ -> /dev/,
   mount options=(rw, move) /{,var/}run/libvirt/qemu/*{,/} -> /dev/**,
+  umount /{,var/}run/libvirt/qemu/*{,/},
 
   network inet stream,
   network inet dgram,

diff --git a/src/security/apparmor/usr.sbin.virtqemud.in b/src/security/apparmor/usr.sbin.virtqemud.in
index 6b9c5d32d924075ae03f263fe970a8fef795bca0..bbc65131464a3a5f38dafa97115265a52c55b727 100644 (file)
--- a/src/security/apparmor/usr.sbin.virtqemud.in
+++ b/src/security/apparmor/usr.sbin.virtqemud.in
@@ -42,6 +42,7 @@ profile virtqemud @sbindir@/virtqemud flags=(attach_disconnected) {
   mount options=(rw, move) /dev/** -> /{,var/}run/libvirt/qemu/*{,/},
   mount options=(rw, move) /{,var/}run/libvirt/qemu/*.dev/ -> /dev/,
   mount options=(rw, move) /{,var/}run/libvirt/qemu/*{,/} -> /dev/**,
+  umount /{,var/}run/libvirt/qemu/*{,/},
 
   network inet stream,
   network inet dgram,