Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
libvirt.6841
apparmor-qemu-bridge-helper.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File apparmor-qemu-bridge-helper.patch of Package libvirt.6841
From 430cd5a72cf1f5c3e56cf1b4b40385812477aef3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com> Date: Fri, 5 Aug 2016 09:32:54 +0200 Subject: [PATCH] apparmor: move qemu-bridge-helper to libvirtd profile qemu-bridge-helper is only called from libvirtd, it has to be moved from the qemu domain abstraction to the usr.sbin.libvirtd profile. --- examples/apparmor/libvirt-qemu | 19 ------------------- examples/apparmor/usr.sbin.libvirtd | 18 ++++++++++++++++++ 2 files changed, 18 insertions(+), 19 deletions(-) Index: libvirt-2.0.0/examples/apparmor/libvirt-qemu =================================================================== --- libvirt-2.0.0.orig/examples/apparmor/libvirt-qemu +++ libvirt-2.0.0/examples/apparmor/libvirt-qemu @@ -151,22 +151,3 @@ /etc/udev/udev.conf r, /sys/bus/ r, /sys/class/ r, - - /usr/{lib,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper, - # child profile for bridge helper process - profile qemu_bridge_helper { - #include <abstractions/base> - - capability setuid, - capability setgid, - capability setpcap, - capability net_admin, - - network inet stream, - - /dev/net/tun rw, - /etc/qemu/** r, - owner @{PROC}/*/status r, - - /usr/{lib,libexec}/qemu-bridge-helper rmix, - } Index: libvirt-2.0.0/examples/apparmor/usr.sbin.libvirtd =================================================================== --- libvirt-2.0.0.orig/examples/apparmor/usr.sbin.libvirtd +++ libvirt-2.0.0/examples/apparmor/usr.sbin.libvirtd @@ -67,4 +67,22 @@ # allow changing to our UUID-based named profiles change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, + /usr/{lib,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper, + # child profile for bridge helper process + profile qemu_bridge_helper { + #include <abstractions/base> + + capability setuid, + capability setgid, + capability setpcap, + capability net_admin, + + network inet stream, + + /dev/net/tun rw, + /etc/qemu/** r, + owner @{PROC}/*/status r, + + /usr/{lib,libexec}/qemu-bridge-helper rmix, + } }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor