The subprofile can only work by including the abstraction shipped
in the passt package, which we can't assume is present, and
'include if exists' doesn't work well on 2.x.
No distro that's stuck on AppArmor 2.x is likely to be shipping
passt anyway.
Signed-off-by: Andrea Bolognani <abolo...@redhat.com>
---
src/security/apparmor/libvirt-qemu.in | 2 ++
1 file changed, 2 insertions(+)
diff --git a/src/security/apparmor/libvirt-qemu.in
b/src/security/apparmor/libvirt-qemu.in
index 44056b5f14..1548cf23bf 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -185,6 +185,7 @@
/usr/{lib,lib64}/libswtpm_libtpms.so mr,
/usr/lib/@{multiarch}/libswtpm_libtpms.so mr,
+@BEGIN_APPARMOR_3@
# support for passt network back-end
/usr/bin/passt Cx -> passt,
@@ -199,6 +200,7 @@
include if exists <abstractions/passt>
}
+@END_APPARMOR_3@
# for save and resume
/{usr/,}bin/dash rmix,
--
2.41.0
