apparmor: Allow /usr/libexec for libxl-save-helper and pygrub

Like other distros, openSUSE Tumbleweed recently changed libexecdir from
/usr/lib to /usr/libexec. Add it as an allowed path for libxl-save-helper
and pygrub.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Neal Gompa <ngompa13@gmail.com>
Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>

diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
index f2030764cd32b1026584fbcbac89d654117506da..bf4563e1e8c50066939775f4f60735e3e7e0b71c 100644 (file)
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
@@ -86,8 +86,8 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
   /{usr/,}lib/udev/scsi_id PUx,
   /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
   /usr/{lib,lib64}/xen/bin/* Ux,
-  /usr/lib/xen-*/bin/libxl-save-helper PUx,
-  /usr/lib/xen-*/bin/pygrub PUx,
+  /usr/{lib,libexec}/xen-*/bin/libxl-save-helper PUx,
+  /usr/{lib,libexec}/xen-*/bin/pygrub PUx,
   /usr/{lib,lib64,lib/qemu,libexec}/vhost-user-gpu PUx,
   /usr/{lib,lib64,lib/qemu,libexec}/virtiofsd PUx,