Re: [libvirt] [PATCH 06/10] apparmor, libvirtd: Allow libxl-save-helper to run on Debian/Ubuntu

On Tue, May 23, 2017 at 06:22:44PM +0200, Stefan Bader wrote: > On Debian/Ubuntu the libxl-save-helper (used when saving/restoring > a domain through libxl) is located under /usr/lib/xen-<version>/bin. > > Bug-Ubuntu: https://bugs.launchpad.net/bugs/1334195 > > Signed-off-by: Christian Ehrhardt <christian.ehrhardt(a)canonical.com&gt; > Signed-off-by: Stefan Bader <stefan.bader(a)canonical.com&gt; > --- > examples/apparmor/usr.sbin.libvirtd | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd > index f43bfd5..64f6d2c 100644 > --- a/examples/apparmor/usr.sbin.libvirtd > +++ b/examples/apparmor/usr.sbin.libvirtd > @@ -51,6 +51,7 @@ > /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx, > /usr/{lib,lib64}/xen/bin/* Ux, > /usr/lib/xen-*/bin/pygrub PUx, > + /usr/lib/xen-*/bin/libxl-save-helper PUx, Ack It would be nice if patches to help libvirtd would be split from ones that handle qemu confinement (virt-aa-helper, libvirt-qemu).

Cheers, -- Guidp > > # force the use of virt-aa-helper > audit deny /{usr/,}sbin/apparmor_parser rwxl, > -- > 2.7.4 > > -- > libvir-list mailing list > libvir-list(a)redhat.com > https://www.redhat.com/mailman/listinfo/libvir-list > -- libvir-list mailing list libvir-list(a)redhat.com https://www.redhat.com/mailman/listinfo/libvir-list