From: Tom <libvirt-patch@xxxxxxxxxx> This commit modifies the AppArmor profile for virt-aa-helper to accommodate an observed behavior in certain Linux distributions, such as ArchLinux. In these distributions, /usr/sbin symlinks to /usr/bin. To ensure that virt-aa-helper can execute apparmor_parser when it resides in /usr/bin, the profile has been updated accordingly. Signed-off-by: Tom <libvirt-patch@xxxxxxxxxx> Reviewed-by: Andrea Bolognani <abologna@xxxxxxxxxx> --- https://gitlab.com/libvirt/libvirt/-/merge_requests/373 Pushed. src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in index 26ee20a17d..44645c6989 100644 --- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in +++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in @@ -41,7 +41,7 @@ profile virt-aa-helper @libexecdir@/virt-aa-helper { deny /dev/mapper/* r, @libexecdir@/virt-aa-helper mr, - /{usr/,}sbin/apparmor_parser Ux, + /{usr/,}{s,}bin/apparmor_parser Ux, @sysconfdir@/apparmor.d/libvirt/* r, @sysconfdir@/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw, -- 2.46.0
