apprarmor: unbreak lbvirt invoking qemu-bridge-helpers

21bc332f · Guido Günther · 2a23b239 · 21bc332f · 21bc332f
Commit 21bc332f authored 8 years ago by Guido Günther
--- a/debian/patches/apparmor-allow-usr-lib-qemu-qemu-bridge-helper.patch
+++ b/debian/patches/apparmor-allow-usr-lib-qemu-qemu-bridge-helper.patch
+From: =?utf-8?q?Guido_G=C3=BCnther?= <agx@sigxcpu.org>
+Date: Thu, 16 Mar 2017 17:50:33 +0100
+Subject: apparmor: allow /usr/lib/qemu/qemu-bridge-helper
+
+This unbreaks e.g. gnome-boxes
+---
+ examples/apparmor/usr.sbin.libvirtd | 4 ++--
+ 1 file changed, 2 insertions(+), 2 deletions(-)
+
+diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
+index c40930b..ef241a5 100644
+--- a/examples/apparmor/usr.sbin.libvirtd
+++ b/examples/apparmor/usr.sbin.libvirtd
+@@ -67,7 +67,7 @@
+   # allow changing to our UUID-based named profiles
+   change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
+ 
+-  /usr/{lib,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper,
+  /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper,
+   # child profile for bridge helper process
+   profile qemu_bridge_helper {
+    #include <abstractions/base>
+@@ -83,7 +83,7 @@
+    /etc/qemu/** r,
+    owner @{PROC}/*/status r,
+ 
+-   /usr/{lib,libexec}/qemu-bridge-helper rmix,
+   /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
+   }
+   
+   # Site-specific additions and overrides. See local/README for details.
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -20,4 +20,5 @@ test-posix_openpt-don-t-fail-on-EACCESS.patch
 Disable-use-of-namespaces-by-default.patch
 debian/Debianize-virtlogd.patch
 CVE-2017-2635-qemu-Don-t-update-physical-storage-size-of-.patch
-qemu-allow-QMP-probing-of-CPU-definitions-to-fail.patch
+apparmor-allow-usr-lib-qemu-qemu-bridge-helper.patch
+qemu-skip-QMP-probing-of-CPU-definitions-when-missing.patch