[PATCH] Revert "apparmor: Add support for local profile customizations"

Jim Fehlig posted 1 patch 10 months, 1 week ago
src/security/apparmor/meson.build              | 12 +++++-------
src/security/apparmor/usr.sbin.libvirtd.in     |  3 ---
src/security/apparmor/usr.sbin.libvirtd.local  |  1 -
src/security/apparmor/usr.sbin.virtqemud.in    |  3 ---
src/security/apparmor/usr.sbin.virtqemud.local |  1 -
src/security/apparmor/usr.sbin.virtxend.in     |  3 ---
src/security/apparmor/usr.sbin.virtxend.local  |  1 -
7 files changed, 5 insertions(+), 19 deletions(-)
[PATCH] Revert "apparmor: Add support for local profile customizations"
Posted by Jim Fehlig 10 months, 1 week ago
As it turns out, apparmor 2.x and 3.x behave differently or have differing
levels of support for local customizations of profiles and profile
abstractions. Additionally the apparmor 2.x tools do not cope well with
'include if exists'. Revert this commit until a more complete solution is
developed that works with old and new apparmor.

Reverts: 9b743ee19053db2fc3da8fba1e9cf81915c1e2f4
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
---
 src/security/apparmor/meson.build              | 12 +++++-------
 src/security/apparmor/usr.sbin.libvirtd.in     |  3 ---
 src/security/apparmor/usr.sbin.libvirtd.local  |  1 -
 src/security/apparmor/usr.sbin.virtqemud.in    |  3 ---
 src/security/apparmor/usr.sbin.virtqemud.local |  1 -
 src/security/apparmor/usr.sbin.virtxend.in     |  3 ---
 src/security/apparmor/usr.sbin.virtxend.local  |  1 -
 7 files changed, 5 insertions(+), 19 deletions(-)

diff --git a/src/security/apparmor/meson.build b/src/security/apparmor/meson.build
index 02a6d098ad..58b4024b85 100644
--- a/src/security/apparmor/meson.build
+++ b/src/security/apparmor/meson.build
@@ -34,10 +34,8 @@ install_data(
   install_dir: apparmor_dir / 'libvirt',
 )
 
-foreach name : apparmor_gen_profiles
-  install_data(
-    '@0@.local'.format(name),
-    install_dir: apparmor_dir / 'local',
-    rename: name,
-  )
-endforeach
+install_data(
+  'usr.lib.libvirt.virt-aa-helper.local',
+  install_dir: apparmor_dir / 'local',
+  rename: 'usr.lib.libvirt.virt-aa-helper',
+)
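Review bot: the replacement install_data() call hard-codes 'usr.lib.libvirt.virt-aa-helper.local' with no comment saying why this is the only local file still installed under apparmor_dir / 'local'. A one-line comment above it, noting that the daemon profiles deliberately have no local override for now because of the apparmor 2.x/3.x differences described in the commit message, would stop a later cleanup from either reinstating the foreach or dropping this entry as well.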
diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
index 41bdef53ec..edb8dd8e26 100644
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
@@ -139,7 +139,4 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
 
    /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
   }
-
-  # Site-specific additions and overrides. See local/README for details.
-  include if exists <local/usr.sbin.libvirtd>
 }
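Review bot: missing upgrade documentation for the removal of "include if exists <local/usr.sbin.libvirtd>" at the end of the profile. Because the include was conditional, a host that already has rules in local/usr.sbin.libvirtd will still load the profile without any error after this change, but those rules stop applying, and the first sign will be AppArmor denials for libvirtd. The commit message only covers why the feature is reverted; a sentence there or in the release notes telling administrators that local/usr.sbin.libvirtd is no longer read (and that the removed comment's pointer to local/README no longer applies to this profile) would make that visible.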
diff --git a/src/security/apparmor/usr.sbin.libvirtd.local b/src/security/apparmor/usr.sbin.libvirtd.local
deleted file mode 100644
index 3716400022..0000000000
--- a/src/security/apparmor/usr.sbin.libvirtd.local
+++ /dev/null
@@ -1 +0,0 @@
-# Site-specific additions and overrides for 'usr.sbin.libvirtd'
diff --git a/src/security/apparmor/usr.sbin.virtqemud.in b/src/security/apparmor/usr.sbin.virtqemud.in
index 3ebdbf2a8f..f269c60809 100644
--- a/src/security/apparmor/usr.sbin.virtqemud.in
+++ b/src/security/apparmor/usr.sbin.virtqemud.in
@@ -132,7 +132,4 @@ profile virtqemud @sbindir@/virtqemud flags=(attach_disconnected) {
 
    /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
   }
-
-  # Site-specific additions and overrides. See local/README for details.
-  include if exists <local/usr.sbin.virtqemud>
 }
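Review bot: dropping the include at the end of the virtqemud profile is all-or-nothing, although the commit message singles out the apparmor 2.x tools as the ones that do not cope with 'include if exists'. This file is already a template (the profile line uses @sbindir@), so the follow-up solution could emit the include line through a build-time substitution that is left empty for old apparmor, which would keep local overrides available where they work. Worth recording that direction in the commit message so the "more complete solution" has a starting point; the same applies to the identical lines removed from the libvirtd and virtxend profiles.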
diff --git a/src/security/apparmor/usr.sbin.virtqemud.local b/src/security/apparmor/usr.sbin.virtqemud.local
deleted file mode 100644
index 2ac68bb069..0000000000
--- a/src/security/apparmor/usr.sbin.virtqemud.local
+++ /dev/null
@@ -1 +0,0 @@
-# Site-specific additions and overrides for 'usr.sbin.virtqemud'
diff --git a/src/security/apparmor/usr.sbin.virtxend.in b/src/security/apparmor/usr.sbin.virtxend.in
index 719766a0c1..72e0d801e5 100644
--- a/src/security/apparmor/usr.sbin.virtxend.in
+++ b/src/security/apparmor/usr.sbin.virtxend.in
@@ -52,7 +52,4 @@ profile virtxend @sbindir@/virtxend flags=(attach_disconnected) {
   @libexecdir@/libvirt_iohelper ix,
   /etc/libvirt/hooks/** rmix,
   /etc/xen/scripts/** rmix,
-
-  # Site-specific additions and overrides. See local/README for details.
-  include if exists <local/usr.sbin.virtxend>
 }
diff --git a/src/security/apparmor/usr.sbin.virtxend.local b/src/security/apparmor/usr.sbin.virtxend.local
deleted file mode 100644
index 2ade86d4df..0000000000
--- a/src/security/apparmor/usr.sbin.virtxend.local
+++ /dev/null
@@ -1 +0,0 @@
-# Site-specific additions and overrides for 'usr.sbin.virtxend'
-- 
2.41.0
Re: [PATCH] Revert "apparmor: Add support for local profile customizations"
Posted by Andrea Bolognani 10 months, 1 week ago
On Tue, Jun 27, 2023 at 05:53:23PM -0600, Jim Fehlig wrote:
> As it turns out, apparmor 2.x and 3.x behave differently or have differing
> levels of support for local customizations of profiles and profile
> abstractions. Additionally the apparmor 2.x tools do not cope well with
> 'include if exists'. Revert this commit until a more complete solution is
> developed that works with old and new apparmor.
>
> Reverts: 9b743ee19053db2fc3da8fba1e9cf81915c1e2f4
> Signed-off-by: Jim Fehlig <jfehlig@suse.com>
> ---
>  src/security/apparmor/meson.build              | 12 +++++-------
>  src/security/apparmor/usr.sbin.libvirtd.in     |  3 ---
>  src/security/apparmor/usr.sbin.libvirtd.local  |  1 -
>  src/security/apparmor/usr.sbin.virtqemud.in    |  3 ---
>  src/security/apparmor/usr.sbin.virtqemud.local |  1 -
>  src/security/apparmor/usr.sbin.virtxend.in     |  3 ---
>  src/security/apparmor/usr.sbin.virtxend.local  |  1 -
>  7 files changed, 5 insertions(+), 19 deletions(-)

Thanks!

  Reviewed-by: Andrea Bolognani <abologna@redhat.com>

and safe for freeze.

-- 
Andrea Bolognani / Red Hat / Virtualization