git.ipfire.org Git - thirdparty/libvirt.git/commit

author	Jim Fehlig <jfehlig@suse.com>
	Tue, 6 Jun 2023 17:05:50 +0000 (11:05 -0600)
committer	Jim Fehlig <jfehlig@suse.com>
	Wed, 7 Jun 2023 17:45:55 +0000 (11:45 -0600)
commit	9b743ee19053db2fc3da8fba1e9cf81915c1e2f4
tree	b18f3087ffdf7f74b6407188d5af02df280ad86c	tree
parent	17565ee0aa14cfb9e6114efb0354bc3a008351af	commit \| diff

apparmor: Add support for local profile customizations

Apparmor profiles in /etc/apparmor.d/ are config files that can and should
be replaced on package upgrade, which introduces the potential to overwrite
any local changes. Apparmor supports local profile customizations via
/etc/apparmor.d/local/<service> [1].

This change makes the support explicit by adding libvirtd, virtqemud, and
virtxend profile customization stubs to /etc/apparmor.d/local/. The stubs
are conditionally included by the corresponding main profiles.

[1] https://ubuntu.com/server/docs/security-apparmor
See "Profile customization" section

Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

src/security/apparmor/meson.build		diff \| blob \| blame \| history
src/security/apparmor/usr.sbin.libvirtd.in		diff \| blob \| blame \| history
src/security/apparmor/usr.sbin.libvirtd.local	[new file with mode: 0644]	blob
src/security/apparmor/usr.sbin.virtqemud.in		diff \| blob \| blame \| history
src/security/apparmor/usr.sbin.virtqemud.local	[new file with mode: 0644]	blob
src/security/apparmor/usr.sbin.virtxend.in		diff \| blob \| blame \| history
src/security/apparmor/usr.sbin.virtxend.local	[new file with mode: 0644]	blob