From nobody Mon May 6 19:53:52 2024 Delivered-To: importer@patchew.org Authentication-Results: mx.zohomail.com; spf=pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) smtp.mailfrom=libvir-list-bounces@redhat.com; arc=fail (BodyHash is different from the expected one) Return-Path: Received: from mx1.redhat.com (mx1.redhat.com [209.132.183.28]) by mx.zohomail.com with SMTPS id 1571284361899676.250765979375; Wed, 16 Oct 2019 20:52:41 -0700 (PDT) Received: from smtp.corp.redhat.com (int-mx03.intmail.prod.int.phx2.redhat.com [10.5.11.13]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 86D7F89B000; Thu, 17 Oct 2019 03:52:36 +0000 (UTC) Received: from colo-mx.corp.redhat.com (colo-mx02.intmail.prod.int.phx2.redhat.com [10.5.11.21]) by smtp.corp.redhat.com (Postfix) with ESMTPS id C9CF860852; Thu, 17 Oct 2019 03:52:33 +0000 (UTC) Received: from lists01.pubmisc.prod.ext.phx2.redhat.com (lists01.pubmisc.prod.ext.phx2.redhat.com [10.5.19.33]) by colo-mx.corp.redhat.com (Postfix) with ESMTP id 268444EE68; Thu, 17 Oct 2019 03:52:31 +0000 (UTC) Received: from smtp.corp.redhat.com (int-mx08.intmail.prod.int.phx2.redhat.com [10.5.11.23]) by lists01.pubmisc.prod.ext.phx2.redhat.com (8.13.8/8.13.8) with ESMTP id x9H3iJYS003803 for ; Wed, 16 Oct 2019 23:44:19 -0400 Received: by smtp.corp.redhat.com (Postfix) id 1572619C69; Thu, 17 Oct 2019 03:44:19 +0000 (UTC) Received: from mx1.redhat.com (ext-mx14.extmail.prod.ext.phx2.redhat.com [10.5.110.43]) by smtp.corp.redhat.com (Postfix) with ESMTPS id 0DDDA19C68 for ; Thu, 17 Oct 2019 03:44:16 +0000 (UTC) Received: from m4a0041g.houston.softwaregrp.com (m4a0041g.houston.softwaregrp.com [15.124.2.87]) (using TLSv1.2 with cipher DHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 731033090FDD for ; Thu, 17 Oct 2019 03:44:14 +0000 (UTC) Received: FROM m4a0041g.houston.softwaregrp.com (15.120.17.147) BY m4a0041g.houston.softwaregrp.com WITH ESMTP FOR libvir-list@redhat.com; Thu, 17 Oct 2019 03:43:15 +0000 Received: from M4W0335.microfocus.com (2002:f78:1193::f78:1193) by M4W0335.microfocus.com (2002:f78:1193::f78:1193) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10; Thu, 17 Oct 2019 03:41:51 +0000 Received: from NAM04-CO1-obe.outbound.protection.outlook.com (15.124.8.13) by M4W0335.microfocus.com (15.120.17.147) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256) id 15.1.1591.10 via Frontend Transport; Thu, 17 Oct 2019 03:41:50 +0000 Received: from BY5PR18MB3315.namprd18.prod.outlook.com (10.255.139.204) by BY5PR18MB3121.namprd18.prod.outlook.com (10.255.136.150) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.2347.16; Thu, 17 Oct 2019 03:41:49 +0000 Received: from BY5PR18MB3315.namprd18.prod.outlook.com ([fe80::3546:b32d:1b4:5b1c]) by BY5PR18MB3315.namprd18.prod.outlook.com ([fe80::3546:b32d:1b4:5b1c%7]) with mapi id 15.20.2347.023; Thu, 17 Oct 2019 03:41:49 +0000 ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=DVE/96yVYhNz7TJEoKuQv4fDIbbtPlK6yFQVw7NOjtyttsPxieWi4n7Z+pb8UJn8aKoIf9Gbcg3DyXXhQEWfKMs37hNSN7A9zPKtn0/gbN3eYm9odigPPf5110ny+8QrFqpxLABQeykHtLMBRlEWPsTlG5n21SUIGM7qGhGpF10k6x+2Afue1H5xJjnBr/gfrFMcUsyZBiCOjux6iep5Z7LyhjUgIpVblCkuzErBtgpKvCr8GWRB1dLC4o7xEK1IqAnEPqOtCYeBnlu69sUPcgpJLBFcfsPsQJ89/6EtzW+K19Rx7k1e+cc8DJV8l9DWeKd5KevVrsCnHBM0SBvTjA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=zqUoN7PNdqiW94dHmSRvkkgbJ/EP9n9jzQUYNILmEoQ=; b=n8kWWmb5JJhb4UTBgRz5WfIVqLZOWQOFZj+3p5Z9vBi4wSE44qA5gZu1d1t4BL7KVIdayVpOZY/ARS9UFn5UAIc9E6jWmomwrJjSAt4IC6CdziTVjVxCqcjZMB/h3ERubQ2UaB9V39xOLOBlalpH52WbtKeQ6qNa5f1Mx3J1OygDP4aKhZKxBULs7vhm3z5RSPooPqCimKUtmYtlXiTyuVT4M/eq2/QFdi/QE9WMb140V/HF4ZVwAF7qWoIMvf0IXLsk0AcT3FGnFV/ZMD+lVWAPCBMNS2mnGBQuUdxjjCVFDlYpBI3TtwGaIURS6I8x2nC/N2AHWaeg+xSRc0Jj0A== ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=suse.com; dmarc=pass action=none header.from=suse.com; dkim=pass header.d=suse.com; arc=none From: Jim Fehlig To: "libvir-list@redhat.com" Thread-Topic: [PATCH] Apparmor: Support Xen scripts in libexec Thread-Index: AQHVhJzOzec5BVj7TkCzH6YC4jepPQ== Date: Thu, 17 Oct 2019 03:41:49 +0000 Message-ID: <20191017034118.8558-1-jfehlig@suse.com> Accept-Language: en-US Content-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-clientproxiedby: BY5PR04CA0011.namprd04.prod.outlook.com (2603:10b6:a03:1d0::21) To BY5PR18MB3315.namprd18.prod.outlook.com (2603:10b6:a03:196::12) authentication-results: spf=none (sender IP is ) smtp.mailfrom=jfehlig@suse.com; x-ms-exchange-messagesentrepresentingtype: 1 x-originating-ip: [69.51.74.242] x-ms-publictraffictype: Email x-ms-office365-filtering-correlation-id: 43b7ee5f-fd96-4dc7-c597-08d752b3f0cb x-ms-traffictypediagnostic: BY5PR18MB3121: x-ms-exchange-transport-forked: True x-microsoft-antispam-prvs: x-ms-oob-tlc-oobclassifiers: OLM:6108; x-forefront-prvs: 01930B2BA8 x-forefront-antispam-report: SFV:NSPM; SFS:(10019020)(4636009)(396003)(136003)(346002)(376002)(39860400002)(366004)(189003)(199004)(86362001)(66476007)(3846002)(14454004)(71200400001)(71190400001)(7736002)(305945005)(478600001)(6116002)(36756003)(256004)(316002)(5024004)(14444005)(2501003)(2906002)(6486002)(5640700003)(8936002)(50226002)(6512007)(66446008)(1076003)(6916009)(64756008)(99286004)(102836004)(8676002)(66066001)(486006)(6436002)(186003)(2351001)(81166006)(81156014)(2616005)(476003)(5660300002)(107886003)(25786009)(52116002)(4326008)(66946007)(66556008)(386003)(26005)(6506007); DIR:OUT; SFP:1102; SCL:1; SRVR:BY5PR18MB3121; H:BY5PR18MB3315.namprd18.prod.outlook.com; FPR:; SPF:None; LANG:en; PTR:InfoNoRecords; MX:1; A:1; Received-SPF: pass (zoho.com: domain of redhat.com designates 209.132.183.28 as permitted sender) client-ip=209.132.183.28; envelope-from=libvir-list-bounces@redhat.com; helo=mx1.redhat.com; received-spf: None (protection.outlook.com: suse.com does not designate permitted sender hosts) x-ms-exchange-senderadcheck: 1 x-microsoft-antispam: BCL:0; x-microsoft-antispam-message-info: Q446wSdL59QMeT48kOH3jsNaw8mslM8NGOrIsA5C/Ro/rskR45lM5RLBmXw+fbSJrS+vfIkCYzVn2l8J8fXQnLKb9E9LarF89n6bg7VrUm69ehO+qgHiVv8qZx0CF1TEjsrCDAU3J91gy54nvacgICGEeSXCfO7iHdC7W0duzk5Ksl/TR7LFs6LFtYDKdhn/LfRSnw4vzrWXGUV8/rDjg4OFriH5Z/rDun7TTLddzqBqHvdAhUdHCa5719V1aYsVX8eW7LDlHl0Y6zZDPziGTYpvbUuU27NziyIilQvyqN6mK/Ppah4wxbjE0r/wM/tyxjelKwCcRMTQTe5pO95vDflmH3ph+dH0n2On2+AD3sOCITjHcKCT22E4MsPC/G5Wjq9qnyOuaZbF18Y+DyHLZibjW4EthpeBGsr2JyJtPJ0= MIME-Version: 1.0 X-MS-Exchange-CrossTenant-Network-Message-Id: 43b7ee5f-fd96-4dc7-c597-08d752b3f0cb X-MS-Exchange-CrossTenant-originalarrivaltime: 17 Oct 2019 03:41:49.1922 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 856b813c-16e5-49a5-85ec-6f081e13b527 X-MS-Exchange-CrossTenant-mailboxtype: HOSTED X-MS-Exchange-CrossTenant-userprincipalname: zR9jxRmK6GrXJNMVUl1gZwXNVBIK2oDiQHUo6+iisWiTlClLcF4r/Ov4SuW4N+izZOERAzgCjk0hs9gi/5mKaw== X-MS-Exchange-Transport-CrossTenantHeadersStamped: BY5PR18MB3121 X-OriginatorOrg: suse.com X-Greylist: Sender passed SPF test, Sender IP whitelisted by DNSRBL, ACL 238 matched, not delayed by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.43]); Thu, 17 Oct 2019 03:44:15 +0000 (UTC) X-Greylist: inspected by milter-greylist-4.5.16 (mx1.redhat.com [10.5.110.43]); Thu, 17 Oct 2019 03:44:15 +0000 (UTC) for IP:'15.124.2.87' DOMAIN:'m4a0041g.houston.softwaregrp.com' HELO:'m4a0041g.houston.softwaregrp.com' FROM:'jfehlig@suse.com' RCPT:'' X-RedHat-Spam-Score: 0.001 (RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, UNPARSEABLE_RELAY) 15.124.2.87 m4a0041g.houston.softwaregrp.com 15.124.2.87 m4a0041g.houston.softwaregrp.com X-Scanned-By: MIMEDefang 2.84 on 10.5.110.43 X-Scanned-By: MIMEDefang 2.84 on 10.5.11.23 X-MIME-Autoconverted: from quoted-printable to 8bit by lists01.pubmisc.prod.ext.phx2.redhat.com id x9H3iJYS003803 X-loop: libvir-list@redhat.com Subject: [libvirt] [PATCH] Apparmor: Support Xen scripts in libexec X-BeenThere: libvir-list@redhat.com X-Mailman-Version: 2.1.12 Precedence: junk List-Id: Development discussions about the libvirt library & tools List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Transfer-Encoding: quoted-printable Sender: libvir-list-bounces@redhat.com Errors-To: libvir-list-bounces@redhat.com X-Scanned-By: MIMEDefang 2.79 on 10.5.11.13 X-Greylist: Sender IP whitelisted, not delayed by milter-greylist-4.6.2 (mx1.redhat.com [10.5.110.67]); Thu, 17 Oct 2019 03:52:40 +0000 (UTC) Content-Type: text/plain; charset="utf-8" Upstream Xen has traditionally installed various hotplug and utility scripts in /etc/xen/scripts/. openSUSE is slowly moving all distribution provided configuration files and scripts from /etc to /usr. In the case of the Xen scripts provided under /etc/xen/scripts/, they will be moving to /usr/lib/xen/scripts/. Adjust the libvirtd Apparmor profile to allow executing scripts from this location. Signed-off-by: Jim Fehlig --- If this is deemed too distro-specific I'm happy to maintain a downstream patch. src/security/apparmor/usr.sbin.libvirtd | 1 + 1 file changed, 1 insertion(+) diff --git a/src/security/apparmor/usr.sbin.libvirtd b/src/security/apparmo= r/usr.sbin.libvirtd index 29f9936ad9..b0d23c80f3 100644 --- a/src/security/apparmor/usr.sbin.libvirtd +++ b/src/security/apparmor/usr.sbin.libvirtd @@ -104,6 +104,7 @@ profile libvirtd /usr/sbin/libvirtd flags=3D(attach_dis= connected) { /usr/{lib,lib64}/libvirt/libvirt_iohelper ix, /etc/libvirt/hooks/** rmix, /etc/xen/scripts/** rmix, + /usr/{lib,lib64}/xen/scripts/** rmix, =20 # allow changing to our UUID-based named profiles change_profile -> @{LIBVIRT}-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-= 9a-f]*, --=20 2.23.0 -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list