From: Stefan Bader <stefan.bader@xxxxxxxxxxxxx>
temporary directories are a common place images are placed by users
for any sort of quick evaluation. Allow virt-aa-helper access to tmp
via the existing user-tmp apparmor abstraction.
That way if a guest definition has paths in temporary directories
virt-aa-helper can properly probe them e.g. for further backing files in
the case of qcow2.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx>
---
src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
index dfc61e8de4..3f204799a6 100644
--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
+++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
@@ -3,6 +3,7 @@
profile virt-aa-helper @libexecdir@/virt-aa-helper {
#include <abstractions/base>
#include <abstractions/nameservice>
+ #include <abstractions/user-tmp>
# needed for searching directories
capability dac_override,
--
2.27.0
