[PATCH v1] apparmor: Allow /usr/libexec for private xen-tools binaries

Olaf Hering posted 1 patch 2 years, 9 months ago
Test syntax-check failed
Patches applied successfully (tree, apply log)
git fetch https://github.com/patchew-project/libvirt tags/patchew/20210713134358.9834-1-olaf@aepfle.de
[PATCH v1] apparmor: Allow /usr/libexec for private xen-tools binaries
Posted by Olaf Hering 2 years, 9 months ago
This is a followup for commit e906c4d02bdcddf141b4d124afd68c8ee10134fe
("apparmor: Allow /usr/libexec for libxl-save-helper and pygrub"):

In recent rpm versions --libexecdir changed from /usr/lib64 to
/usr/libexec. A plain rpmbuild %configure in xen.git will install all
files, including the private copies of qemu, into /usr/libexec/xen/bin.
Expand the existing pattern to cover also this libexecdir variant.

Signed-off-by: Olaf Hering <olaf@aepfle.de>
---
 src/security/apparmor/usr.sbin.libvirtd.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
index 928782b709..f2ab6ff2aa 100644
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
@@ -88,7 +88,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
   @sbindir@/* PUx,
   /{usr/,}lib/udev/scsi_id PUx,
   /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
-  /usr/{lib,lib64}/xen/bin/* Ux,
+  /usr/{lib,lib64,libexec}/xen/bin/* Ux,
   /usr/{lib,libexec}/xen-*/bin/libxl-save-helper PUx,
   /usr/{lib,libexec}/xen-*/bin/pygrub PUx,
   /usr/{lib,lib64,lib/qemu,libexec}/vhost-user-gpu PUx,
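
Review bot: the widened rule `/usr/{lib,lib64,libexec}/xen/bin/* Ux,` keeps a wildcard together with `Ux`, so every file in a third directory now executes unconfined, while the neighbouring xen rules in this hunk use `PUx`. Because `PUx` falls back to unconfined execution when no profile exists, switching this line to `PUx` would keep today's behaviour and let a future profile for the private qemu copies take effect. If `Ux` is intentional, a comment above the rule saying why would help.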

Re: [PATCH v1] apparmor: Allow /usr/libexec for private xen-tools binaries
Posted by Jim Fehlig 2 years, 9 months ago
On 7/13/21 7:43 AM, Olaf Hering wrote:
> This is a followup for commit e906c4d02bdcddf141b4d124afd68c8ee10134fe
> ("apparmor: Allow /usr/libexec for libxl-save-helper and pygrub"):
> 
> In recent rpm versions --libexecdir changed from /usr/lib64 to
> /usr/libexec. A plain rpmbuild %configure in xen.git will install all
> files, including the private copies of qemu, into /usr/libexec/xen/bin.
> Expand the existing pattern to cover also this libexecdir variant.
> 
> Signed-off-by: Olaf Hering <olaf@aepfle.de>
> ---
>   src/security/apparmor/usr.sbin.libvirtd.in | 2 +-
>   1 file changed, 1 insertion(+), 1 deletion(-)
> 
> diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
> index 928782b709..f2ab6ff2aa 100644
> --- a/src/security/apparmor/usr.sbin.libvirtd.in
> +++ b/src/security/apparmor/usr.sbin.libvirtd.in
> @@ -88,7 +88,7 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
>     @sbindir@/* PUx,
>     /{usr/,}lib/udev/scsi_id PUx,
>     /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
> -  /usr/{lib,lib64}/xen/bin/* Ux,
> +  /usr/{lib,lib64,libexec}/xen/bin/* Ux,
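
Review bot: one line above the change, `/usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,` still lists only `lib` and `lib64`. If the libexecdir move described in the commit message can also relocate `xen-common/bin`, that rule needs `libexec` as well; otherwise the commit message could state that it is unaffected.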

I see Michal already reviewed/committed this patch. I'll make the same change to 
the new virtxend profile before pushing it.

Regards,
Jim

Re: [PATCH v1] apparmor: Allow /usr/libexec for private xen-tools binaries
Posted by Michal Prívozník 2 years, 9 months ago
On 7/13/21 3:43 PM, Olaf Hering wrote:
> This is a followup for commit e906c4d02bdcddf141b4d124afd68c8ee10134fe
> ("apparmor: Allow /usr/libexec for libxl-save-helper and pygrub"):
> 
> In recent rpm versions --libexecdir changed from /usr/lib64 to
> /usr/libexec. A plain rpmbuild %configure in xen.git will install all
> files, including the private copies of qemu, into /usr/libexec/xen/bin.
> Expand the existing pattern to cover also this libexecdir variant.
> 
> Signed-off-by: Olaf Hering <olaf@aepfle.de>
> ---
>  src/security/apparmor/usr.sbin.libvirtd.in | 2 +-
>  1 file changed, 1 insertion(+), 1 deletion(-)

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>

and pushed.

Michal