Attachment #577724 for bug #686702

View | Details | Raw Unified | Return to bug 686702
Collapse All | Expand All




	security/apparmor/TEMPLATE.lxc \
	security/apparmor/libvirt-qemu \
	security/apparmor/libvirt-lxc \
	security/apparmor/usr.libexec.virt-aa-helper \
	security/apparmor/usr.sbin.libvirtd \
	$(NULL)


if WITH_APPARMOR_PROFILES
apparmordir = $(sysconfdir)/apparmor.d/
apparmor_DATA = \
	security/apparmor/usr.libexec.virt-aa-helper \
	security/apparmor/usr.sbin.libvirtd \
	$(NULL)


install-apparmor-local:
	$(MKDIR_P) "$(APPARMOR_LOCAL_DIR)"
	echo "# Site-specific additions and overrides for \
		'usr.libexec.virt-aa-helper'" \
		>"$(APPARMOR_LOCAL_DIR)/usr.libexec.virt-aa-helper"

uninstall-apparmor-local:
	rm -f "$(APPARMOR_LOCAL_DIR)/usr.libexec.virt-aa-helper"
	rmdir "$(APPARMOR_LOCAL_DIR)" || :

INSTALL_DATA_LOCAL += install-apparmor-local

Lines 87-92 Link Here

(-)a/src/security/apparmor/libvirt-qemu (+2 lines)
87	/usr/share/AAVMF/** r,	87	/usr/share/AAVMF/** r,
88	/usr/share/qemu-efi/** r,	88	/usr/share/qemu-efi/** r,
89	/usr/share/slof/** r,	89	/usr/share/slof/** r,
		90	/usr/share/seavgabios/** r,
		91	/usr/share/edk2-ovmf/** r,
90		92
91	# pki for libvirt-vnc and libvirt-spice (LP: #901272, #1690140)	93	# pki for libvirt-vnc and libvirt-spice (LP: #901272, #1690140)
92	/etc/pki/CA/ r,	94	/etc/pki/CA/ r,

Lines 1-7 Link Here

(-)a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper (-3 / +3 lines)
1	# Last Modified: Mon Apr 5 15:10:27 2010	1	# Last Modified: Mon Apr 5 15:10:27 2010
2	#include <tunables/global>	2	#include <tunables/global>
3		3
4	profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {	4	profile virt-aa-helper /usr/libexec/virt-aa-helper {
5	#include <abstractions/base>	5	#include <abstractions/base>
6		6
7	# needed for searching directories	7	# needed for searching directories
Lines 36-42 Link Here
36	deny /dev/mapper/ r,	36	deny /dev/mapper/ r,
37	deny /dev/mapper/* r,	37	deny /dev/mapper/* r,
38		38
39	/usr/{lib,lib64}/libvirt/virt-aa-helper mr,	39	/usr/libexec/virt-aa-helper mr,
40	/{usr/,}sbin/apparmor_parser Ux,	40	/{usr/,}sbin/apparmor_parser Ux,
41		41
42	/etc/apparmor.d/libvirt/* r,	42	/etc/apparmor.d/libvirt/* r,
Lines 66-70 Link Here
66	/**.[iI][sS][oO] r,	66	/**.[iI][sS][oO] r,
67	/*/disk{,.} r,	67	/*/disk{,.} r,
68		68
69	#include <local/usr.lib.libvirt.virt-aa-helper>	69	#include <local/usr.libexec.virt-aa-helper>
70	}	70	}

Lines 98-105 Link Here

(-)a/src/security/apparmor/usr.sbin.libvirtd (-3 / +4 lines)
98	audit deny /sys/kernel/security/apparmor/.* rwxl,	98	audit deny /sys/kernel/security/apparmor/.* rwxl,
99	/sys/kernel/security/apparmor/profiles r,	99	/sys/kernel/security/apparmor/profiles r,
100	/usr/{lib,lib64}/libvirt/* PUxr,	100	/usr/{lib,lib64}/libvirt/* PUxr,
101	/usr/{lib,lib64}/libvirt/libvirt_parthelper ix,	101	/usr/libexec/virt-aa-helper PUxr,
102	/usr/{lib,lib64}/libvirt/libvirt_iohelper ix,	102	/usr/libexec/libvirt_lxc PUxr,
		103	/usr/libexec/libvirt_parthelper ix,
		104	/usr/libexec/libvirt_iohelper ix,
103	/etc/libvirt/hooks/** rmix,	105	/etc/libvirt/hooks/** rmix,
104	/etc/xen/scripts/** rmix,	106	/etc/xen/scripts/** rmix,
105		107
106	-

Return to bug 686702

Lines 36-42 EXTRA_DIST += \ Link Here

(-)a/src/security/Makefile.inc.am (-5 / +5 lines)
36	security/apparmor/TEMPLATE.lxc \	36	security/apparmor/TEMPLATE.lxc \
37	security/apparmor/libvirt-qemu \	37	security/apparmor/libvirt-qemu \
38	security/apparmor/libvirt-lxc \	38	security/apparmor/libvirt-lxc \
39	security/apparmor/usr.lib.libvirt.virt-aa-helper \	39	security/apparmor/usr.libexec.virt-aa-helper \
40	security/apparmor/usr.sbin.libvirtd \	40	security/apparmor/usr.sbin.libvirtd \
41	$(NULL)	41	$(NULL)
42		42
Lines 90-96 endif WITH_SECDRIVER_APPARMOR Link Here
90	if WITH_APPARMOR_PROFILES	90	if WITH_APPARMOR_PROFILES
91	apparmordir = $(sysconfdir)/apparmor.d/	91	apparmordir = $(sysconfdir)/apparmor.d/
92	apparmor_DATA = \	92	apparmor_DATA = \
93	security/apparmor/usr.lib.libvirt.virt-aa-helper \	93	security/apparmor/usr.libexec.virt-aa-helper \
94	security/apparmor/usr.sbin.libvirtd \	94	security/apparmor/usr.sbin.libvirtd \
95	$(NULL)	95	$(NULL)
96		96
Lines 110-120 APPARMOR_LOCAL_DIR = "$(DESTDIR)$(apparmordir)/local" Link Here
110	install-apparmor-local:	110	install-apparmor-local:
111	$(MKDIR_P) "$(APPARMOR_LOCAL_DIR)"	111	$(MKDIR_P) "$(APPARMOR_LOCAL_DIR)"
112	echo "# Site-specific additions and overrides for \	112	echo "# Site-specific additions and overrides for \
113	'usr.lib.libvirt.virt-aa-helper'" \	113	'usr.libexec.virt-aa-helper'" \
114	>"$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper"	114	>"$(APPARMOR_LOCAL_DIR)/usr.libexec.virt-aa-helper"
115		115
116	uninstall-apparmor-local:	116	uninstall-apparmor-local:
117	rm -f "$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper"	117	rm -f "$(APPARMOR_LOCAL_DIR)/usr.libexec.virt-aa-helper"
118	rmdir "$(APPARMOR_LOCAL_DIR)" \|\| :	118	rmdir "$(APPARMOR_LOCAL_DIR)" \|\| :
119		119
120	INSTALL_DATA_LOCAL += install-apparmor-local	120	INSTALL_DATA_LOCAL += install-apparmor-local