File 338b07af-apparmor-allow-helpers.patch of Package libvirt.11411
commit 338b07afa910702f41adb17bb854e4575e498852
Author: Mike Latimer <mlatimer@suse.com>
Date: Mon Jan 19 18:25:41 2015 -0700
Grant access to helpers
Apparmor must not prevent access to required helper programs. The following
helpers should be allowed to run in unconfined execution mode:
- libvirt_parthelper
- libvirt_iohelper
Index: libvirt-1.2.5/examples/apparmor/usr.sbin.libvirtd
===================================================================
--- libvirt-1.2.5.orig/examples/apparmor/usr.sbin.libvirtd
+++ libvirt-1.2.5/examples/apparmor/usr.sbin.libvirtd
@@ -57,6 +57,8 @@
audit deny /sys/kernel/security/apparmor/.* rwxl,
/sys/kernel/security/apparmor/profiles r,
/usr/{lib,lib64}/libvirt/* PUxr,
+ /usr/{lib,lib64}/libvirt/libvirt_parthelper ix,
+ /usr/{lib,lib64}/libvirt/libvirt_iohelper ix,
/etc/libvirt/hooks/** rmix,
/etc/xen/scripts/** rmix,