On Wed, 2019-08-21 at 10:38 +0200, Guido Günther wrote: > Debian has pygrub in > > /usr/lib/xen-*/bin/pygrub > > Allow it to be run. For those following along at home: see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931768 for more information. > +++ b/src/security/apparmor/usr.sbin.libvirtd > @@ -87,6 +87,7 @@ profile libvirtd /usr/sbin/libvirtd flags=(attach_disconnected) { > /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx, > /usr/{lib,lib64}/xen/bin/* Ux, > /usr/lib/xen-*/bin/libxl-save-helper PUx, > + /usr/lib/xen-*/bin/pygrub PUx, This looks sane enough to me, so Reviewed-by: Andrea Bolognani <abologna@xxxxxxxxxx> but maybe wait a few days before pushing, to give people more familiar with AppArmor a chance to weigh in. -- Andrea Bolognani / Red Hat / Virtualization -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list