Diffstat (limited to 'examples/apparmor/usr.lib.libvirt.virt-aa-helper')
-rw-r--r-- | examples/apparmor/usr.lib.libvirt.virt-aa-helper | 22 |
1 files changed, 22 insertions, 0 deletions
diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
new file mode 100644
index 000000000..096b6753f
--- /dev/null
+++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -0,0 +1,22 @@
+# Last Modified: Mon Jul 06 17:22:37 2009
+#include <tunables/global>
+
+/usr/lib/libvirt/virt-aa-helper {
+ #include <abstractions/base>
+
+ # needed for searching directories
+ capability dac_override,
+ capability dac_read_search,
+
+ # needed for when disk is on a network filesystem
+ network inet,
+
+ deny @{PROC}/[0-9]*/mounts r,
+ @{PROC}/filesystems r,
+
+ /usr/lib/libvirt/virt-aa-helper mr,
+ /sbin/apparmor_parser Ux,
+
+ /etc/apparmor.d/libvirt/* r,
+ /etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,
+} |
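Review bot: `/sbin/apparmor_parser Ux,` hands control to an unconfined process, so this profile only bounds the helper up to the point where it runs the parser, and the rule carries no comment saying why that is acceptable. A line such as `# apparmor_parser must run unconfined to load profiles; Ux (not ux) scrubs the environment first` would record the intent, assuming that is the reason. Separately, the comment `# needed for searching directories` justifies `capability dac_read_search`, but `capability dac_override` also bypasses write permission checks; if the helper works without it the line should be dropped, otherwise the comment should say what needs it. In the final `rw` rule, `[0-9a-f]*` matches one hex digit followed by any run of non-slash characters, so the glob is looser than a UUID pattern and is worth a short comment stating which file names it is meant to cover.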