NuKVM/libvirt
3
0
Fork 0
mirror of https://github.com/libvirt/libvirt.git synced 2025-02-25 18:55:26 -06:00
Code Issues Packages Projects Releases Wiki Activity

Improve the apparmor example

Browse Source 
* examples/apparmor/libvirt-qemu examples/apparmor/usr.sbin.libvirtd
  examples/apparmor/usr.lib.libvirt.virt-aa-helper: Update the examples
This commit is contained in:
Jamie Strandboge
2010-04-06 22:56:07 +02:00
committed by Daniel Veillard
parent 1a253b38e2
commit 2df320609a
3 changed files with 32 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
examples/apparmor/usr.sbin.libvirtd
View File

@@ -1,4 +1,4 @@
# Last Modified: Wed Sep 23 23:23:58 2009
# Last Modified: Mon Apr 5 15:03:58 2010
#include <tunables/global>
@{LIBVIRT}="libvirt"
@@ -21,6 +21,7 @@
capability chown,
capability setpcap,
capability mknod,
capability fsetid,
network inet stream,
network inet dgram,
@@ -35,7 +36,6 @@
/sbin/* Ux,
/usr/bin/* Ux,
/usr/sbin/* Ux,
/usr/lib/libvirt/* Ux,
# force the use of virt-aa-helper
audit deny /sbin/apparmor_parser rwxl,
@@ -44,7 +44,7 @@
audit deny /sys/kernel/security/apparmor/matching rwxl,
audit deny /sys/kernel/security/apparmor/.* rwxl,
/sys/kernel/security/apparmor/profiles r,
/usr/lib/libvirt/virt-aa-helper Pxr,
/usr/lib/libvirt/* PUxr,
# allow changing to our UUID-based named profiles
change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,