On Mon, May 15, 2017 at 03:23:17PM +0200, Stefan Bader wrote: > Local overrides is a feature Debian/Ubuntu libvirt provided for a while. > This allows the user to have a non-conffile that he can use to extend the > package delivered rules with extra content matching his special case. > > This change provides override templates which the user can extend > and modifies the makefile template to include those when installing > the apparmor profiles. > > Signed-off-by: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx> > Signed-off-by: Stefan Bader <stefan.bader@xxxxxxxxxxxxx> > --- > examples/Makefile.am | 14 ++++++++++++++ > examples/apparmor/local-usr.lib.libvirt.virt-aa-helper | 2 ++ > examples/apparmor/local-usr.sbin.libvirtd | 2 ++ > 3 files changed, 18 insertions(+) > create mode 100644 examples/apparmor/local-usr.lib.libvirt.virt-aa-helper > create mode 100644 examples/apparmor/local-usr.sbin.libvirtd > > diff --git a/examples/Makefile.am b/examples/Makefile.am > index 2956e14..16c7bf6 100644 > --- a/examples/Makefile.am > +++ b/examples/Makefile.am > @@ -25,6 +25,8 @@ EXTRA_DIST = \ > apparmor/libvirt-lxc \ > apparmor/usr.lib.libvirt.virt-aa-helper \ > apparmor/usr.sbin.libvirtd \ > + apparmor/local-usr.sbin.libvirtd \ > + apparmor/local-usr.lib.libvirt.virt-aa-helper \ > lxcconvert/virt-lxc-convert \ > polkit/libvirt-acl.rules \ > $(wildcard $(srcdir)/systemtap/*.stp) \ > @@ -74,6 +76,18 @@ apparmor_DATA = \ > apparmor/usr.sbin.libvirtd \ > $(NULL) > > +localdir = $(apparmordir)/local > +local_DATA = \ > + apparmor/local-usr.sbin.libvirtd \ > + apparmor/local-usr.lib.libvirt.virt-aa-helper \ > + $(NULL) > + > +install-data-hook: > + mv $(DESTDIR)$(localdir)/local-usr.sbin.libvirtd \ > + $(DESTDIR)$(localdir)/usr.sbin.libvirtd > + mv $(DESTDIR)$(localdir)/local-usr.lib.libvirt.virt-aa-helper \ > + $(DESTDIR)$(localdir)/usr.lib.libvirt.virt-aa-helper > + > abstractionsdir = $(apparmordir)/abstractions > abstractions_DATA = \ > apparmor/libvirt-qemu \ 
> diff --git a/examples/apparmor/local-usr.lib.libvirt.virt-aa-helper b/examples/apparmor/local-usr.lib.libvirt.virt-aa-helper > new file mode 100644 > index 0000000..82c9c39 > --- /dev/null > +++ b/examples/apparmor/local-usr.lib.libvirt.virt-aa-helper > @@ -0,0 +1,2 @@ > +# Site-specific additions and overrides for usr.lib.libvirt.virt-aa-helper. > +# For more details, please see /etc/apparmor.d/local/README. > diff --git a/examples/apparmor/local-usr.sbin.libvirtd b/examples/apparmor/local-usr.sbin.libvirtd > new file mode 100644 > index 0000000..6e19f20 > --- /dev/null > +++ b/examples/apparmor/local-usr.sbin.libvirtd > @@ -0,0 +1,2 @@ > +# Site-specific additions and overrides for usr.sbin.libvirtd. > +# For more details, please see /etc/apparmor.d/local/README.

I wonder if this is too much distro specifics? (We're shipping the same in Debian). It should in any case be squashed into the previous commit.

Cheers,
 -- Guido
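Review bot: In the second examples/Makefile.am hunk, the install-data-hook `mv` unconditionally replaces $(DESTDIR)$(localdir)/usr.sbin.libvirtd and $(DESTDIR)$(localdir)/usr.lib.libvirt.virt-aa-helper, so running make install again overwrites whatever site-specific rules the admin has put in those files, which works against the non-conffile override the commit message describes. Suggest installing each template only when the target does not exist yet, for example with a test -f guard in the hook. The rename also means the installed names no longer match the entries in local_DATA, so the generated uninstall rule will look for local-usr.sbin.libvirtd and local-usr.lib.libvirt.virt-aa-helper and leave the renamed files behind; either add an uninstall-hook or add a comment saying the files are left in place on purpose.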
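Review bot: Both new template files point the reader at /etc/apparmor.d/local/README, but the diffstat lists only the Makefile.am change and the two templates, so nothing in this patch provides that README, and the path is hardcoded while the templates themselves install to $(apparmordir)/local. Either ship a README under $(localdir) with this change or reword the comment so it does not depend on a file that the distribution's AppArmor packaging may or may not supply.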