On Wed, Sep 23, 2020 at 12:35 AM Jim Fehlig <jfehlig@suse.com> wrote:
Like other distros, openSUSE Tumbleweed recently changed libexecdir from /usr/lib to /usr/libexec. Add it as an allowed path for libxl-save-helper and pygrub.
Hi Jim, ack to the intention, but I think since this should use @libexecdir@ I think. Or did anything change that this doesn't apply anymore ... in that case I beg your pardon. [1]: https://libvirt.org/git/?p=libvirt.git;a=commit;h=5c8bd31c881e99261ac098e867...
Signed-off-by: Jim Fehlig <jfehlig@suse.com> ---
I considered including /usr/lib64, but I don't think any distros are installing xen libexecdir targets to /usr/lib64. Happy to include it if I'm wrong :-).
src/security/apparmor/usr.sbin.libvirtd.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in index f2030764cd..bf4563e1e8 100644 --- a/src/security/apparmor/usr.sbin.libvirtd.in +++ b/src/security/apparmor/usr.sbin.libvirtd.in @@ -86,8 +86,8 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) { /{usr/,}lib/udev/scsi_id PUx, /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx, /usr/{lib,lib64}/xen/bin/* Ux, - /usr/lib/xen-*/bin/libxl-save-helper PUx, - /usr/lib/xen-*/bin/pygrub PUx, + /usr/{lib,libexec}/xen-*/bin/libxl-save-helper PUx, + /usr/{lib,libexec}/xen-*/bin/pygrub PUx, /usr/{lib,lib64,lib/qemu,libexec}/vhost-user-gpu PUx, /usr/{lib,lib64,lib/qemu,libexec}/virtiofsd PUx,
-- 2.28.0
-- Christian Ehrhardt Staff Engineer, Ubuntu Server Canonical Ltd