security/security_apparmor.c \
$(NULL)
+SECURITY_DRIVER_APPARMOR_GENERATED_PROFILES_IN = \
+ security/apparmor/usr.lib.libvirt.virt-aa-helper.in \
+ security/apparmor/usr.sbin.libvirtd.in \
+ $(NULL)
+
+SECURITY_DRIVER_APPARMOR_GENERATED_PROFILES = \
+ $(SECURITY_DRIVER_APPARMOR_GENERATED_PROFILES_IN:%.in=%)
+ $(NULL)
+
+security/apparmor/%: $(srcdir)/security/apparmor/%.in
+ $(AM_V_GEN)$(MKDIR_P) `dirname $@` && \
+ $(SED) \
+ -e 's|[@]sysconfdir[@]|@sysconfdir@|' \
+ -e 's|[@]sbindir[@]|@sbindir@|' \
+ -e 's|[@]runstatedir[@]|@runstatedir@|' \
+ -e 's|[@]libexecdir[@]|@libexecdir@|' \
+ $< > $@
+
+BUILT_SOURCES += $(SECURITY_DRIVER_APPARMOR_GENERATED_PROFILES)
+CLEANFILES += $(SECURITY_DRIVER_APPARMOR_GENERATED_PROFILES)
+
EXTRA_DIST += \
$(SECURITY_DRIVER_SELINUX_SOURCES) \
$(SECURITY_DRIVER_APPARMOR_SOURCES) \
$(SECURITY_DRIVER_APPARMOR_HELPER_SOURCES) \
+ $(SECURITY_DRIVER_APPARMOR_GENERATED_PROFILES_IN) \
security/apparmor/TEMPLATE.qemu \
security/apparmor/TEMPLATE.lxc \
security/apparmor/libvirt-qemu \
security/apparmor/libvirt-lxc \
- security/apparmor/usr.lib.libvirt.virt-aa-helper \
- security/apparmor/usr.sbin.libvirtd \
$(NULL)
libvirt_security_manager_la_SOURCES = $(SECURITY_DRIVER_SOURCES)
if WITH_APPARMOR_PROFILES
apparmordir = $(sysconfdir)/apparmor.d/
apparmor_DATA = \
- security/apparmor/usr.lib.libvirt.virt-aa-helper \
- security/apparmor/usr.sbin.libvirtd \
+ $(SECURITY_DRIVER_APPARMOR_GENERATED_PROFILES)
$(NULL)
abstractionsdir = $(apparmordir)/abstractions
$(NULL)
APPARMOR_LOCAL_DIR = "$(DESTDIR)$(apparmordir)/local"
-install-apparmor-local:
+install-apparmor-local: $(SECURITY_DRIVER_APPARMOR_GENERATED_PROFILES)
$(MKDIR_P) "$(APPARMOR_LOCAL_DIR)"
echo "# Site-specific additions and overrides for \
'usr.lib.libvirt.virt-aa-helper'" \
#include <tunables/global>
-profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
+profile virt-aa-helper @libexecdir@/virt-aa-helper {
#include <abstractions/base>
# needed for searching directories
# Used when internally running another command (namely apparmor_parser)
@{PROC}/@{pid}/fd/ r,
- /etc/libnl-3/classid r,
+ @sysconfdir@/libnl-3/classid r,
# for gl enabled graphics
/dev/dri/{,*} r,
deny /dev/mapper/ r,
deny /dev/mapper/* r,
- /usr/{lib,lib64}/libvirt/virt-aa-helper mr,
+ @libexecdir@/virt-aa-helper mr,
/{usr/,}sbin/apparmor_parser Ux,
- /etc/apparmor.d/libvirt/* r,
- /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,
+ @sysconfdir@/apparmor.d/libvirt/* r,
+ @sysconfdir@/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,
# for backingstore -- allow access to non-hidden files in @{HOME} as well
# as storage pools
#include <tunables/global>
@{LIBVIRT}="libvirt"
-profile libvirtd /usr/sbin/libvirtd flags=(attach_disconnected) {
+profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
#include <abstractions/base>
#include <abstractions/dbus>
/bin/* PUx,
/sbin/* PUx,
/usr/bin/* PUx,
- /usr/sbin/virtlogd pix,
- /usr/sbin/* PUx,
+ @sbindir@/virtlogd pix,
+ @sbindir@/* PUx,
/{usr/,}lib/udev/scsi_id PUx,
/usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
/usr/{lib,lib64}/xen/bin/* Ux,
audit deny /sys/kernel/security/apparmor/matching rwxl,
audit deny /sys/kernel/security/apparmor/.* rwxl,
/sys/kernel/security/apparmor/profiles r,
- /usr/{lib,lib64}/libvirt/* PUxr,
- /usr/{lib,lib64}/libvirt/libvirt_parthelper ix,
- /usr/{lib,lib64}/libvirt/libvirt_iohelper ix,
+ @libexecdir@/* PUxr,
+ @libexecdir@/libvirt_parthelper ix,
+ @libexecdir@/libvirt_iohelper ix,
/etc/libvirt/hooks/** rmix,
/etc/xen/scripts/** rmix,
projects / thirdparty / libvirt.git / commitdiff
