Debian has pygrub in /usr/lib/xen-*/bin/pygrub Allow it to be run. --- I'm open to making this more broad since it seems /usr/{lib,lib64}/xen/bin/* Ux, serves a similar purpose. Cheers, -- Guido src/security/apparmor/usr.sbin.libvirtd | 1 + 1 file changed, 1 insertion(+) diff --git a/src/security/apparmor/usr.sbin.libvirtd b/src/security/apparmor/usr.sbin.libvirtd index 29f9936ad9..f9a523c213 100644 --- a/src/security/apparmor/usr.sbin.libvirtd +++ b/src/security/apparmor/usr.sbin.libvirtd @@ -87,6 +87,7 @@ profile libvirtd /usr/sbin/libvirtd flags=(attach_disconnected) { /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx, /usr/{lib,lib64}/xen/bin/* Ux, /usr/lib/xen-*/bin/libxl-save-helper PUx, + /usr/lib/xen-*/bin/pygrub PUx, # Required by nwfilter_ebiptables_driver.c:ebiptablesWriteToTempFile() to # read and run an ebtables script. -- 2.20.1