app-emulation/libvirt: add apparmor rule for seavgabios

Closes: https://bugs.gentoo.org/629718 Signed-off-by: Anton Smirnov <aporilel@yandex.ru> Closes: https://github.com/gentoo/gentoo/pull/15255 Signed-off-by: Joonas Niilola <juippis@gentoo.org>
author: aporilel <aporilel@yandex.ru> 2020-08-23 11:20:28 +0000
committer: Joonas Niilola <juippis@gentoo.org> 2020-09-05 10:53:46 +0300
commit: a4d74d2fec11558f4de07a0411e143d5dbe2db72 (patch)
tree: e3574e87979c4be32e7605b5f0367b04b4ab8ab4 /app-emulation
parent: net-irc/weechat: remove ruby-2.4 references (diff)
download: gentoo-a4d74d2fec11558f4de07a0411e143d5dbe2db72.tar.gz
gentoo-a4d74d2fec11558f4de07a0411e143d5dbe2db72.tar.bz2
gentoo-a4d74d2fec11558f4de07a0411e143d5dbe2db72.zip
2 files changed, 83 insertions, 1 deletions
diff --git a/app-emulation/libvirt/files/libvirt-6.5.0-fix-paths-for-apparmor.patch b/app-emulation/libvirt/files/libvirt-6.5.0-fix-paths-for-apparmor.patch
new file mode 100644
index 000000000000..97e50cd357c6
--- /dev/null
+++ b/app-emulation/libvirt/files/libvirt-6.5.0-fix-paths-for-apparmor.patch
@@ -0,0 +1,82 @@
+diff --git a/src/Makefile.in b/src/Makefile.in
+index 36bd280..07cebdf 100644
+--- a/src/Makefile.in
++++ b/src/Makefile.in
+@@ -4473,7 +4473,7 @@ SECURITY_DRIVER_APPARMOR_SOURCES = \
+ 	$(NULL)
+ 
+ SECURITY_DRIVER_APPARMOR_GENERATED_PROFILES_IN = \
+-	security/apparmor/usr.lib.libvirt.virt-aa-helper.in \
++	security/apparmor/usr.libexec.virt-aa-helper.in \
+ 	security/apparmor/usr.sbin.libvirtd.in \
+ 	$(NULL)
+ 
+@@ -13821,11 +13821,11 @@ security/apparmor/%: $(srcdir)/security/apparmor/%.in
+ @WITH_APPARMOR_PROFILES_TRUE@install-apparmor-local: $(SECURITY_DRIVER_APPARMOR_GENERATED_PROFILES)
+ @WITH_APPARMOR_PROFILES_TRUE@	$(MKDIR_P) "$(APPARMOR_LOCAL_DIR)"
+ @WITH_APPARMOR_PROFILES_TRUE@	echo "# Site-specific additions and overrides for \
+-@WITH_APPARMOR_PROFILES_TRUE@		'usr.lib.libvirt.virt-aa-helper'" \
+-@WITH_APPARMOR_PROFILES_TRUE@		>"$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper"
++@WITH_APPARMOR_PROFILES_TRUE@		'usr.libexec.virt-aa-helper'" \
++@WITH_APPARMOR_PROFILES_TRUE@		>"$(APPARMOR_LOCAL_DIR)/usr.libexec.virt-aa-helper"
+ 
+ @WITH_APPARMOR_PROFILES_TRUE@uninstall-apparmor-local:
+-@WITH_APPARMOR_PROFILES_TRUE@	rm -f "$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper"
++@WITH_APPARMOR_PROFILES_TRUE@	rm -f "$(APPARMOR_LOCAL_DIR)/usr.libexec.virt-aa-helper"
+ @WITH_APPARMOR_PROFILES_TRUE@	rmdir "$(APPARMOR_LOCAL_DIR)" || :
+ 
+ $(ACCESS_DRIVER_POLKIT_POLICY): $(srcdir)/access/viraccessperm.h \
+diff --git a/src/security/Makefile.inc.am b/src/security/Makefile.inc.am
+index 5f2f4c8..d457cc6 100644
+--- a/src/security/Makefile.inc.am
++++ b/src/security/Makefile.inc.am
+@@ -31,7 +31,7 @@ SECURITY_DRIVER_APPARMOR_SOURCES = \
+ 	$(NULL)
+ 
+ SECURITY_DRIVER_APPARMOR_GENERATED_PROFILES_IN = \
+-	security/apparmor/usr.lib.libvirt.virt-aa-helper.in \
++	security/apparmor/usr.libexec.virt-aa-helper.in \
+ 	security/apparmor/usr.sbin.libvirtd.in \
+ 	$(NULL)
+ 
+@@ -130,11 +130,11 @@ APPARMOR_LOCAL_DIR = "$(DESTDIR)$(apparmordir)/local"
+ install-apparmor-local: $(SECURITY_DRIVER_APPARMOR_GENERATED_PROFILES)
+ 	$(MKDIR_P) "$(APPARMOR_LOCAL_DIR)"
+ 	echo "# Site-specific additions and overrides for \
+-		'usr.lib.libvirt.virt-aa-helper'" \
+-		>"$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper"
++		'usr.libexec.virt-aa-helper'" \
++		>"$(APPARMOR_LOCAL_DIR)/usr.libexec.virt-aa-helper"
+ 
+ uninstall-apparmor-local:
+-	rm -f "$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper"
++	rm -f "$(APPARMOR_LOCAL_DIR)/usr.libexec.virt-aa-helper"
+ 	rmdir "$(APPARMOR_LOCAL_DIR)" || :
+ 
+ INSTALL_DATA_LOCAL += install-apparmor-local
+diff --git a/src/security/apparmor/libvirt-qemu b/src/security/apparmor/libvirt-qemu
+index 80986ae..d550d8c 100644
+--- a/src/security/apparmor/libvirt-qemu
++++ b/src/security/apparmor/libvirt-qemu
+@@ -88,6 +88,7 @@
+   /usr/share/sgabios/** r,
+   /usr/share/slof/** r,
+   /usr/share/vgabios/** r,
++  /usr/share/seavgabios/** r,
+ 
+   # pki for libvirt-vnc and libvirt-spice (LP: #901272, #1690140)
+   /etc/pki/CA/ r,
+diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in b/src/security/apparmor/usr.libexec.virt-aa-helper.in
+similarity index 97%
+rename from src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
+rename to src/security/apparmor/usr.libexec.virt-aa-helper.in
+index dd18c8a..d06f9cb 100644
+--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
++++ b/src/security/apparmor/usr.libexec.virt-aa-helper.in
+@@ -69,5 +69,5 @@ profile virt-aa-helper @libexecdir@/virt-aa-helper {
+   /**.[iI][sS][oO] r,
+   /**/disk{,.*} r,
+ 
+-  #include <local/usr.lib.libvirt.virt-aa-helper>
++  #include <local/usr.libexec.virt-aa-helper>
+ }
diff --git a/app-emulation/libvirt/libvirt-6.5.0.ebuild b/app-emulation/libvirt/libvirt-6.5.0-r1.ebuild
index f236af9bf3a6..8f75ce01f353 100644
--- a/app-emulation/libvirt/libvirt-6.5.0.ebuild
+++ b/app-emulation/libvirt/libvirt-6.5.0-r1.ebuild
@@ -123,7 +123,7 @@ DEPEND="${RDEPEND}
 
 PATCHES=(
 	"${FILESDIR}"/${PN}-6.0.0-fix_paths_in_libvirt-guests_sh.patch
-	"${FILESDIR}"/${PN}-6.1.0-fix-paths-for-apparmor.patch
+	"${FILESDIR}"/${PN}-6.5.0-fix-paths-for-apparmor.patch
 	"${FILESDIR}"/${PN}-6.5.0-do-not-use-sysconfig.patch
 )
author	aporilel <aporilel@yandex.ru>	2020-08-23 11:20:28 +0000
committer	Joonas Niilola <juippis@gentoo.org>	2020-09-05 10:53:46 +0300
commit	a4d74d2fec11558f4de07a0411e143d5dbe2db72 (patch)
tree	e3574e87979c4be32e7605b5f0367b04b4ab8ab4 /app-emulation
parent	net-irc/weechat: remove ruby-2.4 references (diff)
download	gentoo-a4d74d2fec11558f4de07a0411e143d5dbe2db72.tar.gz gentoo-a4d74d2fec11558f4de07a0411e143d5dbe2db72.tar.bz2 gentoo-a4d74d2fec11558f4de07a0411e143d5dbe2db72.zip