From: Danny Sauer <gitlab@dannysauer.com>
Date: Mon, 8 Jul 2024 04:30:25 +0000 (+0000)
Subject: Allow unmounting some things libvirt mounted
X-Git-Tag: v10.7.0-rc1~76
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=2be2fb9a9f237daca2b78677e51f870624a074a9;p=thirdparty%2Flibvirt.git

Allow unmounting some things libvirt mounted

Signed-off-by: Danny Sauer <github@dannysauer.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>
---

diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
index 1601d73d47..47292d6c64 100644
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
@@ -42,6 +42,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
   mount options=(rw, move) /dev/** -> /{,var/}run/libvirt/qemu/*{,/},
   mount options=(rw, move) /{,var/}run/libvirt/qemu/*.dev/ -> /dev/,
   mount options=(rw, move) /{,var/}run/libvirt/qemu/*{,/} -> /dev/**,
+  umount /{,var/}run/libvirt/qemu/*{,/},
 
   network inet stream,
   network inet dgram,
diff --git a/src/security/apparmor/usr.sbin.virtqemud.in b/src/security/apparmor/usr.sbin.virtqemud.in
index 6b9c5d32d9..bbc6513146 100644
--- a/src/security/apparmor/usr.sbin.virtqemud.in
+++ b/src/security/apparmor/usr.sbin.virtqemud.in
@@ -42,6 +42,7 @@ profile virtqemud @sbindir@/virtqemud flags=(attach_disconnected) {
   mount options=(rw, move) /dev/** -> /{,var/}run/libvirt/qemu/*{,/},
   mount options=(rw, move) /{,var/}run/libvirt/qemu/*.dev/ -> /dev/,
   mount options=(rw, move) /{,var/}run/libvirt/qemu/*{,/} -> /dev/**,
+  umount /{,var/}run/libvirt/qemu/*{,/},
 
   network inet stream,
   network inet dgram,