diff --git a/handlers/main.yml b/handlers/main.yml index 8193fde..513a2e2 100644 --- a/handlers/main.yml +++ b/handlers/main.yml @@ -5,3 +5,7 @@ name: libvirtd state: restarted become: true + +- name: reload libvirt qemu apparmor profile template + command: apparmor_parser -r /etc/apparmor.d/libvirt/TEMPLATE.qemu + become: true diff --git a/tasks/post-install-Debian.yml b/tasks/post-install-Debian.yml index b62a414..3ffd8ac 100644 --- a/tasks/post-install-Debian.yml +++ b/tasks/post-install-Debian.yml @@ -25,3 +25,14 @@ vars: libvirt_env_path: "{{ '/etc/default/libvirt-bin' if libvirt_bin_stat.stat.exists else '/etc/default/libvirtd' }}" tags: vars + +- name: Configure libvirt QEMU apparmor profile template + lineinfile: + path: "/etc/apparmor.d/libvirt/TEMPLATE.qemu" + insertbefore: "^}" + line: " {{ item.path }}/** rwk," + become: true + when: item.type == "dir" + loop: "{{ libvirt_host_pools | flatten(levels=1) }}" + notify: + - reload libvirt qemu apparmor profile template