mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-23 21:34:54 +03:00
apparmor: convert libvirtd profile to a named profile
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
This commit is contained in:
parent
70c2933da2
commit
a3ab6d42d8
@ -2,7 +2,7 @@
|
||||
#include <tunables/global>
|
||||
@{LIBVIRT}="libvirt"
|
||||
|
||||
/usr/sbin/libvirtd flags=(attach_disconnected) {
|
||||
profile libvirtd /usr/sbin/libvirtd flags=(attach_disconnected) {
|
||||
#include <abstractions/base>
|
||||
#include <abstractions/dbus>
|
||||
|
||||
@ -51,7 +51,7 @@
|
||||
unix (send, receive) type=stream addr=none peer=(label=unconfined addr=none),
|
||||
|
||||
ptrace (read,trace) peer=unconfined,
|
||||
ptrace (read,trace) peer=/usr/sbin/libvirtd,
|
||||
ptrace (read,trace) peer=@{profile_name},
|
||||
ptrace (read,trace) peer=dnsmasq,
|
||||
ptrace (read,trace) peer=/usr/sbin/dnsmasq,
|
||||
ptrace (read,trace) peer=libvirt-*,
|
||||
@ -123,6 +123,7 @@
|
||||
# For communication/control from libvirtd
|
||||
unix (send, receive) type=stream addr=none peer=(label=/usr/sbin/libvirtd),
|
||||
signal (receive) set=("term") peer=/usr/sbin/libvirtd,
|
||||
signal (receive) set=("term") peer=libvirtd,
|
||||
|
||||
/dev/net/tun rw,
|
||||
/etc/qemu/** r,
|
||||
|
Loading…
Reference in New Issue
Block a user