Implement the standard AppArmor 3.x abstraction extension approach. Signed-off-by: Andrea Bolognani <abolo...@redhat.com> --- src/security/apparmor/libvirt-lxc.in | 4 ++++ src/security/apparmor/libvirt-qemu.in | 4 ++++ 2 files changed, 8 insertions(+)
diff --git a/src/security/apparmor/libvirt-lxc.in b/src/security/apparmor/libvirt-lxc.in index 0c8b812743..ffe4d8f21f 100644 --- a/src/security/apparmor/libvirt-lxc.in +++ b/src/security/apparmor/libvirt-lxc.in @@ -116,3 +116,7 @@ deny /sys/fs/cgrou[^p]*{,/**} wklx, deny /sys/fs/cgroup?*{,/**} wklx, deny /sys/fs?*{,/**} wklx, + +@BEGIN_APPARMOR_3@ + include if exists <abstractions/libvirt-lxc.d> +@END_APPARMOR_3@ diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in index 1548cf23bf..53f45c3a28 100644 --- a/src/security/apparmor/libvirt-qemu.in +++ b/src/security/apparmor/libvirt-qemu.in @@ -271,3 +271,7 @@ # required for QEMU accessing UEFI nvram variables owner /var/lib/libvirt/qemu/nvram/*_VARS.fd rwk, owner /var/lib/libvirt/qemu/nvram/*_VARS.ms.fd rwk, + +@BEGIN_APPARMOR_3@ + include if exists <abstractions/libvirt-qemu.d> +@END_APPARMOR_3@ -- 2.41.0