On Mon, 03 Aug 2020, Christian Ehrhardt wrote: > From: Stefan Bader <stefan.bader@xxxxxxxxxxxxx> > > When using xen through libxl in Debian/Ubuntu it needs to be able to > call pygrub. > > This is placed in a versioned path like /usr/lib/xen-4.11/bin. > In theory the rule could be more strict by rendering the libexec_dir > setting pkg-config can derive from libbxen-dev. But that would make > particular libvirt/xen packages version-depend on each other. It seems > more reasonable to avoid these versioned dependencies and use a wildcard > rule instead as it is already in place for libxl-save-helper. > > Note: This change was in Debian [1] and Ubuntu [2] for quite some time > already. > > [1]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=931768 > [2]: https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1326003 > > Signed-off-by: Christian Ehrhardt <christian.ehrhardt@xxxxxxxxxxxxx> > --- > src/security/apparmor/usr.sbin.libvirtd.in | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in > index 1e137039e9..312fa4b6d1 100644 > --- a/src/security/apparmor/usr.sbin.libvirtd.in > +++ b/src/security/apparmor/usr.sbin.libvirtd.in > @@ -86,6 +86,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) { > /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx, > /usr/{lib,lib64}/xen/bin/* Ux, > /usr/lib/xen-*/bin/libxl-save-helper PUx, > + /usr/lib/xen-*/bin/pygrub PUx, LGTM. +1 to apply -- Jamie Strandboge | http://www.canonical.com
