[PATCH] security: apparmor: Remove hardcoded "libvirtd" profile name

The apparmor driver probe function checks for an active profile matching the full path of the running daemon binary. If not found, it checks for a profile named "libvirtd". This works fine when the running daemon is the old monolithic libvirtd, but fails with modular daemons. Remove the check for a hardcoded "libvirtd" profile and replace with the basename of the running daemon binary. Signed-off-by: Jim Fehlig <jfehlig(a)suse.com&gt; --- src/security/security_apparmor.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c index c8e77c6cd2..eed0f265d6 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -239,7 +239,9 @@ use_apparmor(void) */ rc = profile_status(libvirt_daemon, 1); if (rc < 0) { - rc = profile_status("libvirtd", 1); + g_autofree char *basename = g_path_get_basename(libvirt_daemon); + + rc = profile_status(basename, 1); /* Error or unconfined should all result in -1 */ if (rc < 0) rc = -1; -- 2.43.0