File 338b07af-apparmor-allow-helpers.patch of Package libvirt.11411

commit 338b07afa910702f41adb17bb854e4575e498852
Author: Mike Latimer <mlatimer@suse.com>
Date:   Mon Jan 19 18:25:41 2015 -0700

    Grant access to helpers
    
    Apparmor must not prevent access to required helper programs. The following
    helpers should be allowed to run in unconfined execution mode:
    
     - libvirt_parthelper
     - libvirt_iohelper

Index: libvirt-1.2.5/examples/apparmor/usr.sbin.libvirtd
===================================================================
--- libvirt-1.2.5.orig/examples/apparmor/usr.sbin.libvirtd
+++ libvirt-1.2.5/examples/apparmor/usr.sbin.libvirtd
@@ -57,6 +57,8 @@
   audit deny /sys/kernel/security/apparmor/.* rwxl,
   /sys/kernel/security/apparmor/profiles r,
   /usr/{lib,lib64}/libvirt/* PUxr,
+  /usr/{lib,lib64}/libvirt/libvirt_parthelper ix,
+  /usr/{lib,lib64}/libvirt/libvirt_iohelper ix,
   /etc/libvirt/hooks/** rmix,
   /etc/xen/scripts/** rmix,
 
openSUSE Build Service is sponsored by