#!/bin/bash

. /var/lib/autoyast-cc/libcc

LIBVIRTAA="/etc/apparmor.d/abstractions/libvirt-qemu"
[ ! -f $LIBVIRTAA ] && {
	cc_echo "libvirt configuration file $LIBVIRTAA does not exist - skipping configuration"
	cc_exit 0
}

trap "cc_exec_log rm -f $LIBVIRTAA.$$" 0 1 2 3 15
perl -ne 'print unless /CC Configuration START/../CC configuration END/' < $LIBVIRTAA >$LIBVIRTAA.$$

echo "## CC Configuration START" >> $LIBVIRTAA.$$
echo "  # Deny the ability to trace other VMs or attach debuggers" >> $LIBVIRTAA.$$
echo "  deny capability sys_ptrace," >> $LIBVIRTAA.$$
echo "## CC Configuration END" >> $LIBVIRTAA.$$

cc_replace $LIBVIRTAA.$$ $LIBVIRTAA
cc_exit 0
