and other improvements. V2 of
https://listman.redhat.com/archives/libvir-list/2021-June/msg00456.html

Changes since V1:

Removed many unneeded capabilities. I used the 'audit' qualifier as suggested
by cboltz to verify which capabilities were actually used. It's a difficult
task though, as it is nearly impossible for one person to exercise a driver
in all the ways thousands of users will push it :-). I was able to whittle
the virtxend profile quite a bit since xen doesn't need a lot in the way of
host capabilities.

Removed patch containing the virtlxcd profile since I'm unable to start any
lxc domains with virtlxcd.

Added patches to squelch denial messages from the virt-aa-helper profile.

Jim Fehlig (4):
  Apparmor: Add profile for virtqemud
  Apparmor: Add profile for virtxend
  Apparmor: Allow reading libnl's classid file
  Apparmor: Allow reading /etc/ssl/openssl.cnf

 src/security/apparmor/libvirt-qemu            |   5 +
 src/security/apparmor/meson.build             |   2 +
 .../usr.lib.libvirt.virt-aa-helper.in         |   4 +-
 src/security/apparmor/usr.sbin.virtqemud.in   | 135 ++++++++++++++++++
 src/security/apparmor/usr.sbin.virtxend.in    |  53 +++++++
 5 files changed, 198 insertions(+), 1 deletion(-)
 create mode 100644 src/security/apparmor/usr.sbin.virtqemud.in
 create mode 100644 src/security/apparmor/usr.sbin.virtxend.in
--
2.31.1
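
The capability pruning described in the cover letter, sketched as an added example that is not part of the original message or of libvirt: it compares the capabilities a profile declares with the `audit` qualifier against the `operation="capable"` records AppArmor logged for that profile. The profile text, profile name and log records are constructed for illustration, and the function names are hypothetical.

```python
import re

# Constructed profile text: name and capability list are illustrative,
# not the contents of usr.sbin.virtxend.in.
PROFILE = '''\
profile virtxend /usr/sbin/virtxend {
  audit capability sys_admin net_admin,
  audit capability dac_override,
  audit capability kill,
}
'''

# Constructed kernel audit records in AppArmor's key="value" format.
LOG = '''\
type=AVC msg=audit(1623300001.101:210): apparmor="AUDIT" operation="capable" profile="virtxend" pid=4121 comm="virtxend" capability=21  capname="sys_admin"
type=AVC msg=audit(1623300002.317:211): apparmor="AUDIT" operation="capable" profile="virtxend" pid=4121 comm="virtxend" capability=12  capname="net_admin"
type=AVC msg=audit(1623300003.002:212): apparmor="AUDIT" operation="capable" profile="virtxend" pid=4121 comm="virtxend" capability=21  capname="sys_admin"
type=AVC msg=audit(1623300004.550:213): apparmor="AUDIT" operation="capable" profile="virt-aa-helper" pid=4190 comm="virt-aa-helper" capability=1  capname="dac_override"
type=AVC msg=audit(1623300005.774:214): apparmor="DENIED" operation="capable" profile="virtxend" pid=4121 comm="virtxend" capability=19  capname="sys_ptrace"
'''

KV = re.compile(r'(\w+)="([^"]*)"')
# One rule may name several capabilities: "audit capability a b,"
RULE = re.compile(r'^\s*(?:audit\s+)?capability\s+([a-z_ \t]+),', re.M)

def declared_capabilities(profile_text):
    """Capability names granted by the profile's capability rules."""
    caps = set()
    for names in RULE.findall(profile_text):
        caps.update(names.split())
    return caps

def capability_events(log_text, profile):
    """Map each verdict (AUDIT, DENIED, ...) to the capnames logged for one profile."""
    seen = {}
    for line in log_text.splitlines():
        rec = dict(KV.findall(line))
        if (rec.get("operation") == "capable" and rec.get("profile") == profile
                and "apparmor" in rec and "capname" in rec):
            seen.setdefault(rec["apparmor"], set()).add(rec["capname"])
    return seen

def review(profile_text, log_text, profile):
    """Split declared capabilities into exercised and never seen; list denials."""
    declared = declared_capabilities(profile_text)
    events = capability_events(log_text, profile)
    used = events.get("AUDIT", set()) & declared
    return {"used": sorted(used),
            "never_seen": sorted(declared - used),
            "denied": sorted(events.get("DENIED", set()))}
```

A capability in `never_seen` is only a candidate for removal, since the log reflects just the code paths the test run exercised; a name under `denied` points at a rule the profile may still need.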