SLES 11 has legacy qemu-kvm package, /usr/bin/qemu-kvm and /usr/share/qemu-kvm need to be accessed by domains. --- examples/apparmor/libvirt-qemu | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index 7aad391..a3043dd 100644 --- a/examples/apparmor/libvirt-qemu +++ b/examples/apparmor/libvirt-qemu @@ -59,6 +59,7 @@ # access to firmware's etc /usr/share/kvm/** r, /usr/share/qemu/** r, + /usr/share/qemu-kvm/** r, /usr/share/bochs/** r, /usr/share/openbios/** r, /usr/share/openhackware/** r, @@ -73,6 +74,7 @@ # the various binaries /usr/bin/kvm rmix, /usr/bin/qemu rmix, + /usr/bin/qemu-kvm rmix, /usr/bin/qemu-system-arm rmix, /usr/bin/qemu-system-cris rmix, /usr/bin/qemu-system-i386 rmix, @@ -118,12 +120,19 @@ /bin/dd rmix, /bin/cat rmix, + # for restore + /bin/bash rmix, + # for usb access /dev/bus/usb/ r, /etc/udev/udev.conf r, /sys/bus/ r, /sys/class/ r, + # nscd pieces + /run/nscd/group r, + /run/nscd/passwd r, + /usr/{lib,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper, # child profile for bridge helper process profile qemu_bridge_helper { -- 2.1.4 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list