Merge pull request #46 from stackhpc/apparmor

Update libvirt QEMU apparmor profile template

Author: markgoddard

handlers/main.yml

@@ -5,3 +5,7 @@
     name: libvirtd
     state: restarted
   become: true
+
+- name: reload libvirt qemu apparmor profile template
+  command: apparmor_parser -r /etc/apparmor.d/libvirt/TEMPLATE.qemu
+  become: true

tasks/post-install-Debian.yml

@@ -25,3 +25,14 @@
   vars:
     libvirt_env_path: "{{ '/etc/default/libvirt-bin' if libvirt_bin_stat.stat.exists else '/etc/default/libvirtd' }}"
   tags: vars
+
+- name: Configure libvirt QEMU apparmor profile template
+  lineinfile:
+    path: "/etc/apparmor.d/libvirt/TEMPLATE.qemu"
+    insertbefore: "^}"
+    line: "  {{ item.path }}/** rwk,"
+  become: true
+  when: item.type == "dir"
+  loop: "{{ libvirt_host_pools | flatten(levels=1) }}"
+  notify:
+    - reload libvirt qemu apparmor profile template