mirrors/apparmor.d
1
0
Fork 0
mirror of https://github.com/roddhjav/apparmor.d.git synced 2025-01-18 00:48:10 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix( libvirtd): add missing resources.

Browse source 
See #158
This commit is contained in:
Alexandre Pujol 2023-04-30 14:51:09 +01:00
parent 697e196e42
commit fd3e7ba820
Failed to generate hash of commit
1 changed files with 8 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
apparmor.d/groups/virt/libvirtd
View file

@ -131,6 +131,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
/usr/share/hwdata/* r, /usr/share/hwdata/* r,
/usr/share/libvirt/{,**} r, /usr/share/libvirt/{,**} r,
/usr/share/mime/mime.cache r, /usr/share/mime/mime.cache r,
/usr/share/misc/pci.ids r,
/usr/share/qemu/{,**} r, /usr/share/qemu/{,**} r,
@{etc_rw}/apparmor.d/libvirt/libvirt-@{uuid} r, @{etc_rw}/apparmor.d/libvirt/libvirt-@{uuid} r,
@ -154,6 +155,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
@{run}/libvirtd.pid wk, @{run}/libvirtd.pid wk,
@{run}/lock/LCK.._pts_[0-9]* rw, @{run}/lock/LCK.._pts_[0-9]* rw,
@{run}/systemd/inhibit/[0-9]*.ref rw, @{run}/systemd/inhibit/[0-9]*.ref rw,
@{run}/systemd/notify w,
@{run}/utmp rk, @{run}/utmp rk,
@{run}/udev/data/+backlight:* r, @{run}/udev/data/+backlight:* r,
@ -169,10 +171,14 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
@{run}/udev/data/+sound:card* r, # For sound @{run}/udev/data/+sound:card* r, # For sound
@{run}/udev/data/+thunderbolt:* r, @{run}/udev/data/+thunderbolt:* r,
@{run}/udev/data/c1:[0-9]* r, # For RAM disk @{run}/udev/data/c1:[0-9]* r, # For RAM disk
@{run}/udev/data/c6:[0-9]* r, # For parallel printer devices /dev/lp*
@{run}/udev/data/c10:[0-9]* r, # For non-serial mice, misc features @{run}/udev/data/c10:[0-9]* r, # For non-serial mice, misc features
@{run}/udev/data/c13:[0-9]* r, # For /dev/input/* @{run}/udev/data/c13:[0-9]* r, # For /dev/input/*
@{run}/udev/data/c21:[0-9]* r, # Generic SCSI access
@{run}/udev/data/c29:* r, # For /dev/fb[0-9]* @{run}/udev/data/c29:* r, # For /dev/fb[0-9]*
@{run}/udev/data/c90:[0-9]* r, # For RAM, ROM, Flash @{run}/udev/data/c90:[0-9]* r, # For RAM, ROM, Flash
@{run}/udev/data/c99:[0-9]* r, # For raw parallel ports /dev/parport*
@{run}/udev/data/c108:[0-9]* r, # For /dev/ppp
@{run}/udev/data/c116:[0-9]* r, # For ALSA @{run}/udev/data/c116:[0-9]* r, # For ALSA
@{run}/udev/data/c202:[0-9]* r, # CPU model-specific registers @{run}/udev/data/c202:[0-9]* r, # CPU model-specific registers
@{run}/udev/data/c203:[0-9]* r, # CPU CPUID information @{run}/udev/data/c203:[0-9]* r, # CPU CPUID information
@ -207,6 +213,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
@{sys}/devices/virtual/dmi/id/* r, @{sys}/devices/virtual/dmi/id/* r,
@{sys}/devices/virtual/net/{,**} rw, @{sys}/devices/virtual/net/{,**} rw,
@{sys}/kernel/debug/kvm/{,**} r,
@{sys}/kernel/iommu_groups/ r, @{sys}/kernel/iommu_groups/ r,
@{sys}/kernel/iommu_groups/[0-9]*/devices/ r, @{sys}/kernel/iommu_groups/[0-9]*/devices/ r,
@{sys}/kernel/mm/hugepages/{,**} r, @{sys}/kernel/mm/hugepages/{,**} r,
@ -226,6 +233,7 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
@{PROC}/@{pid}/net/route r, @{PROC}/@{pid}/net/route r,
@{PROC}/@{pids}/cgroup r, @{PROC}/@{pids}/cgroup r,
@{PROC}/@{pids}/net/dev r, @{PROC}/@{pids}/net/dev r,
@{PROC}/@{pids}/net/ip_tables_names r,
@{PROC}/@{pids}/net/psched r, @{PROC}/@{pids}/net/psched r,
@{PROC}/@{pids}/stat r, @{PROC}/@{pids}/stat r,
@{PROC}/@{pids}/task/@{tid}/sched r, @{PROC}/@{pids}/task/@{tid}/sched r,
@ -236,7 +244,6 @@ profile libvirtd @{exec_path} flags=(attach_disconnected) {
@{PROC}/sys/net/ipv{4,6}/** rw, @{PROC}/sys/net/ipv{4,6}/** rw,
owner @{PROC}/@{pid}/fd/ r, owner @{PROC}/@{pid}/fd/ r,
owner @{PROC}/@{pid}/mounts r, owner @{PROC}/@{pid}/mounts r,
owner @{PROC}/@{pid}/net/ip_tables_names r,
owner @{PROC}/@{pid}/task/@{tid}/comm rw, owner @{PROC}/@{pid}/task/@{tid}/comm rw,
/dev/dri/ r, /dev/dri/ r,