On 7/13/21 7:43 AM, Olaf Hering wrote:
This is a followup for commit e906c4d02bdcddf141b4d124afd68c8ee10134fe
("apparmor: Allow /usr/libexec for libxl-save-helper and pygrub"):
In recent rpm versions --libexecdir changed from /usr/lib64 to
/usr/libexec. A plain rpmbuild %configure in xen.git will install all
files, including the private copies of qemu, into /usr/libexec/xen/bin.
Expand the existing pattern to cover also this libexecdir variant.
Signed-off-by: Olaf Hering <olaf@xxxxxxxxx>
---
src/security/apparmor/usr.sbin.libvirtd.in | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
index 928782b709..f2ab6ff2aa 100644
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
@@ -88,7 +88,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
@sbindir@/* PUx,
/{usr/,}lib/udev/scsi_id PUx,
/usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
- /usr/{lib,lib64}/xen/bin/* Ux,
+ /usr/{lib,lib64,libexec}/xen/bin/* Ux,
I see Michal already reviewed/committed this patch. I'll make the same change to
the new virtxend profile before pushing it.
Regards,
Jim
