From: Andrea Bolognani <abologna@redhat.com>
Date: Thu, 29 Jun 2023 09:49:35 +0000 (+0200)
Subject: apparmor: Make abstractions extensible
X-Git-Tag: v9.6.0-rc1~102
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=b6092de88355eb7b609fcc82a8bd6590645dfdc4;p=thirdparty%2Flibvirt.git

apparmor: Make abstractions extensible

Implement the standard AppArmor 3.x abstraction extension
approach.

Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Jim Fehlig <jfehlig@suse.com>
---

diff --git a/src/security/apparmor/libvirt-lxc.in b/src/security/apparmor/libvirt-lxc.in
index 0c8b812743..ffe4d8f21f 100644
--- a/src/security/apparmor/libvirt-lxc.in
+++ b/src/security/apparmor/libvirt-lxc.in
@@ -116,3 +116,7 @@
   deny /sys/fs/cgrou[^p]*{,/**} wklx,
   deny /sys/fs/cgroup?*{,/**} wklx,
   deny /sys/fs?*{,/**} wklx,
+
+@BEGIN_APPARMOR_3@
+  include if exists <abstractions/libvirt-lxc.d>
+@END_APPARMOR_3@
diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in
index 1548cf23bf..53f45c3a28 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -271,3 +271,7 @@
   # required for QEMU accessing UEFI nvram variables
   owner /var/lib/libvirt/qemu/nvram/*_VARS.fd rwk,
   owner /var/lib/libvirt/qemu/nvram/*_VARS.ms.fd rwk,
+
+@BEGIN_APPARMOR_3@
+  include if exists <abstractions/libvirt-qemu.d>
+@END_APPARMOR_3@