On Sat, 2016-12-03 at 18:32 +0000, intrigeri wrote:

From: intrigeri <intrigeri@debian.org>

---  examples/apparmor/libvirt-qemu                   | 8 ++++----  examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 +-  examples/apparmor/usr.sbin.libvirtd              | 4 ++--  3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu index 11381d4..133c2eb 100644 --- a/examples/apparmor/libvirt-qemu +++ b/examples/apparmor/libvirt-qemu @@ -136,12 +136,12 @@    /usr/{lib,lib64}/qemu/block-rbd.so mr,      # for save and resume -  /bin/dash rmix, -  /bin/dd rmix, -  /bin/cat rmix, +  /{usr/,}bin/dash rmix, +  /{usr/,}bin/dd rmix, +  /{usr/,}bin/cat rmix,      # for restore -  /bin/bash rmix, +  /{usr/,}bin/bash rmix,      # for usb access    /dev/bus/usb/ r, diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper index b34fb35..4a8f197 100644 --- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper +++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper @@ -21,7 +21,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa- helper {    /sys/devices/** r,      /usr/{lib,lib64}/libvirt/virt-aa-helper mr, -  /sbin/apparmor_parser Ux, +  /{usr/,}sbin/apparmor_parser Ux,      /etc/apparmor.d/libvirt/* r,    /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0- 9a-f]* rw, diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd index 48651b2..934124b 100644 --- a/examples/apparmor/usr.sbin.libvirtd +++ b/examples/apparmor/usr.sbin.libvirtd @@ -47,12 +47,12 @@    /usr/bin/* PUx,    /usr/sbin/virtlogd pix,    /usr/sbin/* PUx, -  /lib/udev/scsi_id PUx, +  /{usr/,}lib/udev/scsi_id PUx,    /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,    /usr/{lib,lib64}/xen/bin/* Ux,      # force the use of virt-aa-helper -  audit deny /sbin/apparmor_parser rwxl, +  audit deny /{usr/,}sbin/apparmor_parser rwxl,    audit deny /etc/apparmor.d/libvirt/** wxl,    audit deny /sys/kernel/security/apparmor/features rwxl,    audit deny /sys/kernel/security/apparmor/matching rwxl,

Changes LGTM. -- Jamie Strandboge | http://www.canonical.com