File apparmor-qemu-bridge-helper.patch of Package libvirt

From 430cd5a72cf1f5c3e56cf1b4b40385812477aef3 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Fri, 5 Aug 2016 09:32:54 +0200
Subject: [PATCH] apparmor: move qemu-bridge-helper to libvirtd profile

qemu-bridge-helper is only called from libvirtd, so it has to be moved
from the qemu domain abstraction to the usr.sbin.libvirtd profile.
---
 examples/apparmor/libvirt-qemu      | 19 -------------------
 examples/apparmor/usr.sbin.libvirtd | 18 ++++++++++++++++++
 2 files changed, 18 insertions(+), 19 deletions(-)

Index: libvirt-2.0.0/examples/apparmor/libvirt-qemu
===================================================================
--- libvirt-2.0.0.orig/examples/apparmor/libvirt-qemu
+++ libvirt-2.0.0/examples/apparmor/libvirt-qemu
@@ -151,22 +151,3 @@
   /etc/udev/udev.conf r,
   /sys/bus/ r,
   /sys/class/ r,
-
-  /usr/{lib,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper,
-  # child profile for bridge helper process
-  profile qemu_bridge_helper {
-   #include <abstractions/base>
-
-   capability setuid,
-   capability setgid,
-   capability setpcap,
-   capability net_admin,
-
-   network inet stream,
-
-   /dev/net/tun rw,
-   /etc/qemu/** r,
-   owner @{PROC}/*/status r,
-
-   /usr/{lib,libexec}/qemu-bridge-helper rmix,
-  }
Index: libvirt-2.0.0/examples/apparmor/usr.sbin.libvirtd
===================================================================
--- libvirt-2.0.0.orig/examples/apparmor/usr.sbin.libvirtd
+++ libvirt-2.0.0/examples/apparmor/usr.sbin.libvirtd
@@ -67,4 +67,22 @@
   # allow changing to our UUID-based named profiles
   change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*,
 
+  /usr/{lib,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper,
+  # child profile for bridge helper process
+  profile qemu_bridge_helper {
+   #include <abstractions/base>
+
+   capability setuid,
+   capability setgid,
+   capability setpcap,
+   capability net_admin,
+
+   network inet stream,
+
+   /dev/net/tun rw,
+   /etc/qemu/** r,
+   owner @{PROC}/*/status r,
+
+   /usr/{lib,libexec}/qemu-bridge-helper rmix,
+  }
 }
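Review bot: The `qemu_bridge_helper` child profile added at the end of this hunk grants `capability setuid`, `setgid`, `setpcap` and `net_admin` with no comment saying why each is needed, which makes the grant hard to audit now that it is reachable from the libvirtd profile. A short comment above the capability lines would help, for example `# net_admin: create the tap device and attach it to the bridge; setuid/setgid/setpcap: presumably for dropping privileges afterwards (confirm against the helper)`. The last rule, `/usr/{lib,libexec}/qemu-bridge-helper rmix,`, also lets the helper re-execute itself under this profile; unless the helper really does that, `rm` looks sufficient, and `/etc/qemu/** r` could likely be narrowed to the ACL files the helper actually reads. The enclosing usr.sbin.libvirtd profile starts outside the hunk, so whether other rules there already cover these paths cannot be seen from here.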