[libvirt] [PATCH 0/2] AppArmor lxc profile fixes

Hi all, Here are 2 patches fixing AppArmor profiles for lxc containers. The main problem was that the current profile was: 1/ too restricting as it needed to allow all needed applications 2/ used PUx permissions, which made systemd (or bash) run as unprofiled as they have no profiles defined. The new profile is based on container-default profile shipped for lxc on Ubuntu. All applications are now running under the parent profile (ix permission) and some critical files accesses are denied. The first patch also avoid writing the useless libvirt-UUID.files for lxc containers. Cédric Bosdonnat (2): Don't output libvirt-UUID.files for LXC apparmor profiles Rework lxc apparmor profile examples/apparmor/Makefile.am | 6 +- examples/apparmor/TEMPLATE.lxc | 15 ++++ examples/apparmor/{TEMPLATE => TEMPLATE.qemu} | 2 +- examples/apparmor/libvirt-lxc | 119 +++++++++++++++++++++++--- src/security/security_apparmor.c | 20 +++-- src/security/virt-aa-helper.c | 32 ++----- 6 files changed, 150 insertions(+), 44 deletions(-) create mode 100644 examples/apparmor/TEMPLATE.lxc rename examples/apparmor/{TEMPLATE => TEMPLATE.qemu} (75%) -- 1.8.4.5