From: Jim Fehlig <jfehlig@suse.com>
Date: Tue, 22 Sep 2020 22:34:22 +0000 (-0600)
Subject: apparmor: Allow /usr/libexec for libxl-save-helper and pygrub
X-Git-Tag: v6.8.0-rc2~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e906c4d02bdcddf141b4d124afd68c8ee10134fe;p=thirdparty%2Flibvirt.git

apparmor: Allow /usr/libexec for libxl-save-helper and pygrub

Like other distros, openSUSE Tumbleweed recently changed libexecdir from
/usr/lib to /usr/libexec. Add it as an allowed path for libxl-save-helper
and pygrub.

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Neal Gompa <ngompa13@gmail.com>
Reviewed-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
---

diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
index f2030764cd..bf4563e1e8 100644
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
@@ -86,8 +86,8 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
   /{usr/,}lib/udev/scsi_id PUx,
   /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
   /usr/{lib,lib64}/xen/bin/* Ux,
-  /usr/lib/xen-*/bin/libxl-save-helper PUx,
-  /usr/lib/xen-*/bin/pygrub PUx,
+  /usr/{lib,libexec}/xen-*/bin/libxl-save-helper PUx,
+  /usr/{lib,libexec}/xen-*/bin/pygrub PUx,
   /usr/{lib,lib64,lib/qemu,libexec}/vhost-user-gpu PUx,
   /usr/{lib,lib64,lib/qemu,libexec}/virtiofsd PUx,