Like other distros, openSUSE Tumbleweed recently changed libexecdir from /usr/lib to /usr/libexec. Add it as an allowed path for libxl-save-helper and pygrub. Signed-off-by: Jim Fehlig <jfehlig(a)suse.com&gt; --- I considered including /usr/lib64, but I don't think any distros are installing xen libexecdir targets to /usr/lib64. Happy to include it if I'm wrong :-). src/security/apparmor/usr.sbin.libvirtd.in | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in index f2030764cd..bf4563e1e8 100644 --- a/src/security/apparmor/usr.sbin.libvirtd.in +++ b/src/security/apparmor/usr.sbin.libvirtd.in @@ -86,8 +86,8 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) { /{usr/,}lib/udev/scsi_id PUx, /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx, /usr/{lib,lib64}/xen/bin/* Ux, - /usr/lib/xen-*/bin/libxl-save-helper PUx, - /usr/lib/xen-*/bin/pygrub PUx, + /usr/{lib,libexec}/xen-*/bin/libxl-save-helper PUx, + /usr/{lib,libexec}/xen-*/bin/pygrub PUx, /usr/{lib,lib64,lib/qemu,libexec}/vhost-user-gpu PUx, /usr/{lib,lib64,lib/qemu,libexec}/virtiofsd PUx, -- 2.28.0