Do for all other profiles what we already do for the
virt-aa-helper one. In this case we limit the feature to AppArmor
3.x, as it was never implemented for 2.x.
Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx>
---
src/security/apparmor/usr.sbin.libvirtd.in | 4 ++++
src/security/apparmor/usr.sbin.virtqemud.in | 4 ++++
src/security/apparmor/usr.sbin.virtxend.in | 4 ++++
3 files changed, 12 insertions(+)
diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
index edb8dd8e26..1601d73d47 100644
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
@@ -139,4 +139,8 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
/usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
}
+
+@BEGIN_APPARMOR_3@
+ include if exists <local/usr.sbin.libvirtd>
+@END_APPARMOR_3@
}
diff --git a/src/security/apparmor/usr.sbin.virtqemud.in b/src/security/apparmor/usr.sbin.virtqemud.in
index f269c60809..6b9c5d32d9 100644
--- a/src/security/apparmor/usr.sbin.virtqemud.in
+++ b/src/security/apparmor/usr.sbin.virtqemud.in
@@ -132,4 +132,8 @@ profile virtqemud @sbindir@/virtqemud flags=(attach_disconnected) {
/usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
}
+
+@BEGIN_APPARMOR_3@
+ include if exists <local/usr.sbin.virtqemud>
+@END_APPARMOR_3@
}
diff --git a/src/security/apparmor/usr.sbin.virtxend.in b/src/security/apparmor/usr.sbin.virtxend.in
index 72e0d801e5..78a11305f5 100644
--- a/src/security/apparmor/usr.sbin.virtxend.in
+++ b/src/security/apparmor/usr.sbin.virtxend.in
@@ -52,4 +52,8 @@ profile virtxend @sbindir@/virtxend flags=(attach_disconnected) {
@libexecdir@/libvirt_iohelper ix,
/etc/libvirt/hooks/** rmix,
/etc/xen/scripts/** rmix,
+
+@BEGIN_APPARMOR_3@
+ include if exists <local/usr.sbin.virtxend>
+@END_APPARMOR_3@
}
--
2.41.0
