On Wed, Sep 23, 2020 at 12:35 AM Jim Fehlig <jfehlig@xxxxxxxx> wrote: > > Like other distros, openSUSE Tumbleweed recently changed libexecdir from > /usr/lib to /usr/libexec. Add it as an allowed path for libxl-save-helper > and pygrub. Hi Jim, ack to the intention, but I think since this should use @libexecdir@ I think. Or did anything change that this doesn't apply anymore ... in that case I beg your pardon. [1]: https://libvirt.org/git/?p=libvirt.git;a=commit;h=5c8bd31c881e99261ac098e867a79b300440731a > Signed-off-by: Jim Fehlig <jfehlig@xxxxxxxx> > --- > > I considered including /usr/lib64, but I don't think any distros are > installing xen libexecdir targets to /usr/lib64. Happy to include it > if I'm wrong :-). > > src/security/apparmor/usr.sbin.libvirtd.in | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in > index f2030764cd..bf4563e1e8 100644 > --- a/src/security/apparmor/usr.sbin.libvirtd.in > +++ b/src/security/apparmor/usr.sbin.libvirtd.in > @@ -86,8 +86,8 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) { > /{usr/,}lib/udev/scsi_id PUx, > /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx, > /usr/{lib,lib64}/xen/bin/* Ux, > - /usr/lib/xen-*/bin/libxl-save-helper PUx, > - /usr/lib/xen-*/bin/pygrub PUx, > + /usr/{lib,libexec}/xen-*/bin/libxl-save-helper PUx, > + /usr/{lib,libexec}/xen-*/bin/pygrub PUx, > /usr/{lib,lib64,lib/qemu,libexec}/vhost-user-gpu PUx, > /usr/{lib,lib64,lib/qemu,libexec}/virtiofsd PUx, > > -- > 2.28.0 > > -- Christian Ehrhardt Staff Engineer, Ubuntu Server Canonical Ltd
