[libvirt] [PATCH] apparmor: fix virt-aa-helper profile

Cédric Bosdonnat posted 1 patch 6 years, 3 months ago
git fetch https://github.com/patchew-project/libvirt tags/patchew/20180103095514.26887-1-cbosdonnat@suse.com
examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
[libvirt] [PATCH] apparmor: fix virt-aa-helper profile
Posted by Cédric Bosdonnat 6 years, 3 months ago
Fix rule introduced by commit 0f33025a:
  * to handle /var/run not being a symlink to /run
  * to be properly parsed: missing comma at the end.
---
 examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
index 9c822b644..105f09e43 100644
--- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -51,7 +51,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
   /var/lib/libvirt/images/** r,
   /{media,mnt,opt,srv}/** r,
   # For virt-sandbox
-  /run/libvirt/**/[sv]d[a-z] r
+  /{,var/}run/libvirt/**/[sv]d[a-z] r,
 
   /**.img r,
   /**.raw r,
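Review bot: On the replaced rule under `# For virt-sandbox`, the tail `[sv]d[a-z]` matches only single-letter device names (sda to sdz, vda to vdz) at any depth below `run/libvirt/`, so a name such as `sdaa` would still be denied; please say in the comment that this is the intended set. The `{,var/}` alternation and the trailing comma look right. Since the old line failed to parse only for want of that comma, running the example profiles through apparmor_parser as part of the test suite would catch a recurrence.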
-- 
2.15.1

--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
Re: [libvirt] [PATCH] apparmor: fix virt-aa-helper profile
Posted by intrigeri 6 years, 3 months ago
Cédric Bosdonnat:
>  * to handle /var/run not being a symlink to /run

Does this still really exist in any distro that has chances to run
a recent libvirt?

If yes, then:

> -  /run/libvirt/**/[sv]d[a-z] r
> +  /{,var/}run/libvirt/**/[sv]d[a-z] r,

+1

And in any case, +1 the missing comma.

Re: [libvirt] [PATCH] apparmor: fix virt-aa-helper profile
Posted by Cedric Bosdonnat 6 years, 3 months ago
On Wed, 2018-01-03 at 11:54 +0100, intrigeri wrote:
> Cédric Bosdonnat:
> >  * to handle /var/run not being a symlink to /run
> 
> Does this still really exist in any distro that has chances to run
> a recent libvirt?

At least some people tweak their distro for that, since the openSUSE
AppArmor does it ;)

--
Cedric

> If yes, then:
> 
> > -  /run/libvirt/**/[sv]d[a-z] r
> > +  /{,var/}run/libvirt/**/[sv]d[a-z] r,
> 
> +1
> 
> And in any case, +1 the missing comma.

Re: [libvirt] [PATCH] apparmor: fix virt-aa-helper profile
Posted by Jamie Strandboge 6 years, 3 months ago
On Wed, 2018-01-03 at 10:55 +0100, Cédric Bosdonnat wrote:
> Fix rule introduced by commit 0f33025a:
>   * to handle /var/run not being a symlink to /run
>   * to be properly parsed: missing comma at the end.
> ---
>  examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> index 9c822b644..105f09e43 100644
> --- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> +++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> @@ -51,7 +51,7 @@ profile virt-aa-helper
> /usr/{lib,lib64}/libvirt/virt-aa-helper {
>    /var/lib/libvirt/images/** r,
>    /{media,mnt,opt,srv}/** r,
>    # For virt-sandbox
> -  /run/libvirt/**/[sv]d[a-z] r
> +  /{,var/}run/libvirt/**/[sv]d[a-z] r,
>  
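Review bot: The `var/` alternative in the `+` line only takes effect where /var/run is a real directory, because AppArmor matches the resolved path and a /var/run symlink is mediated as /run; the commit message could state this so the wider pattern is not read as granting extra access on symlinked systems. No change to the rule itself is needed.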
LGTM. +1 to commit as is.

-- 
Jamie Strandboge             | http://www.canonical.com