Implement the standard AppArmor 3.x abstraction extension
approach.

Signed-off-by: Andrea Bolognani <abolo...@redhat.com>
---
 src/security/apparmor/libvirt-lxc.in  | 4 ++++
 src/security/apparmor/libvirt-qemu.in | 4 ++++
 2 files changed, 8 insertions(+)

diff --git a/src/security/apparmor/libvirt-lxc.in 
b/src/security/apparmor/libvirt-lxc.in
index 0c8b812743..ffe4d8f21f 100644
--- a/src/security/apparmor/libvirt-lxc.in
+++ b/src/security/apparmor/libvirt-lxc.in
@@ -116,3 +116,7 @@
   deny /sys/fs/cgrou[^p]*{,/**} wklx,
   deny /sys/fs/cgroup?*{,/**} wklx,
   deny /sys/fs?*{,/**} wklx,
+
+@BEGIN_APPARMOR_3@
+  include if exists <abstractions/libvirt-lxc.d>
+@END_APPARMOR_3@
diff --git a/src/security/apparmor/libvirt-qemu.in 
b/src/security/apparmor/libvirt-qemu.in
index 1548cf23bf..53f45c3a28 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -271,3 +271,7 @@
   # required for QEMU accessing UEFI nvram variables
   owner /var/lib/libvirt/qemu/nvram/*_VARS.fd rwk,
   owner /var/lib/libvirt/qemu/nvram/*_VARS.ms.fd rwk,
+
+@BEGIN_APPARMOR_3@
+  include if exists <abstractions/libvirt-qemu.d>
+@END_APPARMOR_3@
-- 
2.41.0

Reply via email to