VHD images can be used as any other, so we should add them to the list
of types that virt-aa-helper can read when creating the per-guest rules
for backing files.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com>
---
src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
index 78994bcda6..bf6bd297d1 100644
--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
+++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -63,6 +63,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
/**.qcow{,2} r,
/**.qed r,
/**.vmdk r,
+ /**.vhd r,
/**.[iI][sS][oO] r,
/**/disk{,.*} r,
--
2.22.0
--
libvir-list mailing list
libvir-list@redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list
On Wed, 2019-07-03 at 12:46 +0200, Christian Ehrhardt wrote: > VHD images can be used as any other, so we should add them to the list > of types that virt-aa-helper can read when creating the per-guest rules > for backing files. > > Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> > --- > src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper > index 78994bcda6..bf6bd297d1 100644 > --- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper > +++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper > @@ -63,6 +63,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper { > /**.qcow{,2} r, > /**.qed r, > /**.vmdk r, > + /**.vhd r, > /**.[iI][sS][oO] r, > /**/disk{,.*} r, I know basically nothing about AppArmor, but given the pre-existing contents of the file the changes seem completely reasonable, so Reviewed-by: Andrea Bolognani <abologna@redhat.com> -- Andrea Bolognani / Red Hat / Virtualization -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
On Wed, 03 Jul 2019, Christian Ehrhardt wrote: > VHD images can be used as any other, so we should add them to the list > of types that virt-aa-helper can read when creating the per-guest rules > for backing files. > > Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> > --- > src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper > index 78994bcda6..bf6bd297d1 100644 > --- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper > +++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper > @@ -63,6 +63,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper { > /**.qcow{,2} r, > /**.qed r, > /**.vmdk r, > + /**.vhd r, This looks fine. +1 to apply. -- Jamie Strandboge | http://www.canonical.com -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
On Fri, Jul 12, 2019 at 7:02 PM Jamie Strandboge <jamie@canonical.com> wrote: > > On Wed, 03 Jul 2019, Christian Ehrhardt wrote: > > > VHD images can be used as any other, so we should add them to the list > > of types that virt-aa-helper can read when creating the per-guest rules > > for backing files. > > > > Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> > > --- > > src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper > > index 78994bcda6..bf6bd297d1 100644 > > --- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper > > +++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper > > @@ -63,6 +63,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper { > > /**.qcow{,2} r, > > /**.qed r, > > /**.vmdk r, > > + /**.vhd r, > > This looks fine. +1 to apply. Thank you Jamie and Andrea! the commit is now pushed with your Review/Ack tags added. -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
© 2016 - 2024 Red Hat, Inc.