From 9e7b1e646d301dc6e0ebf89e5fccd46b57bc9e15 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Bosdonnat?= <cbosdonnat@suse.com>
Date: Wed, 11 Mar 2015 11:09:40 +0100
Subject: Apparmor qemu abstraction fixes for SLES

SLES 11 has legacy qemu-kvm package, /usr/bin/qemu-kvm and
/usr/share/qemu-kvm need to be accessed to domains.
---
 examples/apparmor/libvirt-qemu | 9 +++++++++
 1 file changed, 9 insertions(+)

(limited to 'examples')

diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index 7aad3911a2..a3043dd9bf 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -59,6 +59,7 @@
   # access to firmware's etc
   /usr/share/kvm/** r,
   /usr/share/qemu/** r,
+  /usr/share/qemu-kvm/** r,
   /usr/share/bochs/** r,
   /usr/share/openbios/** r,
   /usr/share/openhackware/** r,
@@ -73,6 +74,7 @@
   # the various binaries
   /usr/bin/kvm rmix,
   /usr/bin/qemu rmix,
+  /usr/bin/qemu-kvm rmix,
   /usr/bin/qemu-system-arm rmix,
   /usr/bin/qemu-system-cris rmix,
   /usr/bin/qemu-system-i386 rmix,
@@ -118,12 +120,19 @@
   /bin/dd rmix,
   /bin/cat rmix,
 
+  # for restore
+  /bin/bash rmix,
+
   # for usb access
   /dev/bus/usb/ r,
   /etc/udev/udev.conf r,
   /sys/bus/ r,
   /sys/class/ r,
 
+  # nscd pieces
+  /run/nscd/group r,
+  /run/nscd/passwd r,
+
   /usr/{lib,libexec}/qemu-bridge-helper Cx -> qemu_bridge_helper,
   # child profile for bridge helper process
   profile qemu_bridge_helper {
-- 
cgit v1.2.1