The QEMU package in Debian has recently moved the qemu-bridge-helper binary under /usr/libexec/qemu. Update the AppArmor profile accordingly. https://bugs.debian.org/1077915 Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx> --- src/security/apparmor/usr.sbin.libvirtd.in | 4 ++-- src/security/apparmor/usr.sbin.virtqemud.in | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in index 1601d73d47..5fa5c7842c 100644 --- a/src/security/apparmor/usr.sbin.libvirtd.in +++ b/src/security/apparmor/usr.sbin.libvirtd.in @@ -116,7 +116,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) { # allow changing to our UUID-based named profiles change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, - /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper, + /usr/{lib,lib64,lib/qemu,libexec,libexec/qemu}/qemu-bridge-helper Cx -> qemu_bridge_helper, # child profile for bridge helper process profile qemu_bridge_helper { #include <abstractions/base> @@ -137,7 +137,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) { /etc/qemu/** r, owner @{PROC}/*/status r, - /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix, + /usr/{lib,lib64,lib/qemu,libexec,libexec/qemu}/qemu-bridge-helper rmix, } @BEGIN_APPARMOR_3@ diff --git a/src/security/apparmor/usr.sbin.virtqemud.in b/src/security/apparmor/usr.sbin.virtqemud.in index 6b9c5d32d9..ff2967c6eb 100644 --- a/src/security/apparmor/usr.sbin.virtqemud.in +++ b/src/security/apparmor/usr.sbin.virtqemud.in @@ -110,7 +110,7 @@ profile virtqemud @sbindir@/virtqemud flags=(attach_disconnected) { # allow changing to our UUID-based named profiles change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*, - /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper, + /usr/{lib,lib64,lib/qemu,libexec,libexec/qemu}/qemu-bridge-helper Cx -> qemu_bridge_helper, # child profile for bridge helper process profile qemu_bridge_helper { #include <abstractions/base> @@ -130,7 +130,7 @@ profile virtqemud @sbindir@/virtqemud flags=(attach_disconnected) { /etc/qemu/** r, owner @{PROC}/*/status r, - /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix, + /usr/{lib,lib64,lib/qemu,libexec,libexec/qemu}/qemu-bridge-helper rmix, } @BEGIN_APPARMOR_3@ -- 2.45.2
