[apparmor] Added the right permission for the bridge_helper exec

canonical · Jan 14, 2025 · f87ce6b · f87ce6b
1 parent 78bdb6d
commit f87ce6b
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/platform/backends/qemu/qemu_vm_process_spec.cpp b/src/platform/backends/qemu/qemu_vm_process_spec.cpp
@@ -123,6 +123,10 @@ profile %1 flags=(attach_disconnected) {
   capability setgid,
   capability setuid,
 
+  # for bridge helper
+  capability net_admin,
+  capability net_raw,
+
   network inet stream,
   network inet6 stream,
 
@@ -154,7 +158,7 @@ profile %1 flags=(attach_disconnected) {
   /{usr/,}bin/cat rmix,
 
   # to execute bridge helper
-  %4/bin/bridge_helper,
+  %4/bin/bridge_helper ix,
 
   # for restore
   /{usr/,}bin/bash rmix,