From: Stefan Bader <stefan.bader@canonical.com>
Date: Fri, 16 Jun 2017 08:20:11 +0000 (+0200)
Subject: apparmor, libvirtd: Allow libxl-save-helper to run on Debian/Ubuntu
X-Git-Tag: v3.5.0-rc1~73
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5b4d46a95eca19f67fdb72cd476fc3a403cbfc29;p=thirdparty%2Flibvirt.git

apparmor, libvirtd: Allow libxl-save-helper to run on Debian/Ubuntu

On Debian/Ubuntu the libxl-save-helper (used when saving/restoring
a domain through libxl) is located under /usr/lib/xen-<version>/bin.

Bug-Ubuntu: https://bugs.launchpad.net/bugs/1334195

Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
Signed-off-by: Stefan Bader <stefan.bader@canonical.com>
---

diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
index 353b039acc..acb59e0716 100644
--- a/examples/apparmor/usr.sbin.libvirtd
+++ b/examples/apparmor/usr.sbin.libvirtd
@@ -50,6 +50,7 @@
   /{usr/,}lib/udev/scsi_id PUx,
   /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
   /usr/{lib,lib64}/xen/bin/* Ux,
+  /usr/lib/xen-*/bin/libxl-save-helper PUx,
 
   # force the use of virt-aa-helper
   audit deny /{usr/,}sbin/apparmor_parser rwxl,