From 2be2fb9a9f237daca2b78677e51f870624a074a9 Mon Sep 17 00:00:00 2001
From: Danny Sauer
Date: Mon, 8 Jul 2024 04:30:25 +0000
Subject: [PATCH] Allow unmounting some things libvirt mounted

Signed-off-by: Danny Sauer
Reviewed-by: Andrea Bolognani
---
 src/security/apparmor/usr.sbin.libvirtd.in | 1 +
 src/security/apparmor/usr.sbin.virtqemud.in | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
index 1601d73d47..47292d6c64 100644
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
@@ -42,6 +42,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
 mount options=(rw, move) /dev/** -> /{,var/}run/libvirt/qemu/*{,/},
 mount options=(rw, move) /{,var/}run/libvirt/qemu/*.dev/ -> /dev/,
 mount options=(rw, move) /{,var/}run/libvirt/qemu/*{,/} -> /dev/**,
+ umount /{,var/}run/libvirt/qemu/*{,/},
 network inet stream,
 network inet dgram,
diff --git a/src/security/apparmor/usr.sbin.virtqemud.in b/src/security/apparmor/usr.sbin.virtqemud.in
index 6b9c5d32d9..bbc6513146 100644
--- a/src/security/apparmor/usr.sbin.virtqemud.in
+++ b/src/security/apparmor/usr.sbin.virtqemud.in
@@ -42,6 +42,7 @@ profile virtqemud @sbindir@/virtqemud flags=(attach_disconnected) {
 mount options=(rw, move) /dev/** -> /{,var/}run/libvirt/qemu/*{,/},
 mount options=(rw, move) /{,var/}run/libvirt/qemu/*.dev/ -> /dev/,
 mount options=(rw, move) /{,var/}run/libvirt/qemu/*{,/} -> /dev/**,
+ umount /{,var/}run/libvirt/qemu/*{,/},
 network inet stream,
 network inet dgram,
-- 
2.47.2
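Review bot: The new `umount /{,var/}run/libvirt/qemu/*{,/},` rule carries no comment saying which mounts it is meant to release, and the commit message only says "some things"; since AppArmor matches umount rules on the mount-point path, the rule allows detaching whatever is mounted on a direct child of the libvirt qemu run directory, not only what libvirt itself put there. A comment above it such as `# unmount the per-domain paths move-mounted by the rules above` would tie it to the three `mount options=(rw, move)` lines and make any later widening of the glob easier to spot in review. The glob stays within one path component, which matches the move targets, so the scope looks appropriate; the `/dev/**` targets of the third move rule are not covered, which is presumably intentional but worth stating in that comment. The identical line in the virtqemud hunk needs the same comment, and both profile bodies continue outside the hunks.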