From: Jim Fehlig
To: libvir-list@redhat.com
Subject: [PATCH] Revert "apparmor: Add support for local profile customizations"
Date: Tue, 27 Jun 2023 17:53:23 -0600
Message-ID: <20230627235337.29311-1-jfehlig@suse.com>

As it turns out, apparmor 2.x and 3.x behave differently or have differing
levels of support for local customizations of profiles and profile
abstractions. Additionally the apparmor 2.x tools do not cope well with
'include if exists'. Revert this commit until a more complete solution is
developed that works with old and new apparmor.

Reverts: 9b743ee19053db2fc3da8fba1e9cf81915c1e2f4
Signed-off-by: Jim Fehlig
---
 src/security/apparmor/meson.build              | 12 +++++-------
 src/security/apparmor/usr.sbin.libvirtd.in     |  3 ---
 src/security/apparmor/usr.sbin.libvirtd.local  |  1 -
 src/security/apparmor/usr.sbin.virtqemud.in    |  3 ---
 src/security/apparmor/usr.sbin.virtqemud.local |  1 -
 src/security/apparmor/usr.sbin.virtxend.in     |  3 ---
 src/security/apparmor/usr.sbin.virtxend.local  |  1 -
 7 files changed, 5 insertions(+), 19 deletions(-)
diff --git a/src/security/apparmor/meson.build b/src/security/apparmor/meso= n.build index 02a6d098ad..58b4024b85 100644 --- a/src/security/apparmor/meson.build +++ b/src/security/apparmor/meson.build @@ -34,10 +34,8 @@ install_data( install_dir: apparmor_dir / 'libvirt', ) =20 -foreach name : apparmor_gen_profiles - install_data( - '@0@.local'.format(name), - install_dir: apparmor_dir / 'local', - rename: name, - ) -endforeach +install_data( + 'usr.lib.libvirt.virt-aa-helper.local', + install_dir: apparmor_dir / 'local', + rename: 'usr.lib.libvirt.virt-aa-helper', +) diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/appa= rmor/usr.sbin.libvirtd.in index 41bdef53ec..edb8dd8e26 100644 --- a/src/security/apparmor/usr.sbin.libvirtd.in +++ b/src/security/apparmor/usr.sbin.libvirtd.in @@ -139,7 +139,4 @@ profile libvirtd @sbindir@/libvirtd flags=3D(attach_dis= connected) { =20 /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix, } - - # Site-specific additions and overrides. See local/README for details. - include if exists } diff --git a/src/security/apparmor/usr.sbin.libvirtd.local b/src/security/a= pparmor/usr.sbin.libvirtd.local deleted file mode 100644 index 3716400022..0000000000 --- a/src/security/apparmor/usr.sbin.libvirtd.local +++ /dev/null @@ -1 +0,0 @@ -# Site-specific additions and overrides for 'usr.sbin.libvirtd' diff --git a/src/security/apparmor/usr.sbin.virtqemud.in b/src/security/app= armor/usr.sbin.virtqemud.in index 3ebdbf2a8f..f269c60809 100644 --- a/src/security/apparmor/usr.sbin.virtqemud.in +++ b/src/security/apparmor/usr.sbin.virtqemud.in @@ -132,7 +132,4 @@ profile virtqemud @sbindir@/virtqemud flags=3D(attach_d= isconnected) { =20 /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix, } - - # Site-specific additions and overrides. See local/README for details. - include if exists } 
diff --git a/src/security/apparmor/usr.sbin.virtqemud.local b/src/security/= apparmor/usr.sbin.virtqemud.local deleted file mode 100644 index 2ac68bb069..0000000000 --- a/src/security/apparmor/usr.sbin.virtqemud.local +++ /dev/null @@ -1 +0,0 @@ -# Site-specific additions and overrides for 'usr.sbin.virtqemud' diff --git a/src/security/apparmor/usr.sbin.virtxend.in b/src/security/appa= rmor/usr.sbin.virtxend.in index 719766a0c1..72e0d801e5 100644 --- a/src/security/apparmor/usr.sbin.virtxend.in +++ b/src/security/apparmor/usr.sbin.virtxend.in @@ -52,7 +52,4 @@ profile virtxend @sbindir@/virtxend flags=3D(attach_disco= nnected) { @libexecdir@/libvirt_iohelper ix, /etc/libvirt/hooks/** rmix, /etc/xen/scripts/** rmix, - - # Site-specific additions and overrides. See local/README for details. - include if exists } diff --git a/src/security/apparmor/usr.sbin.virtxend.local b/src/security/a= pparmor/usr.sbin.virtxend.local deleted file mode 100644 index 2ade86d4df..0000000000 --- a/src/security/apparmor/usr.sbin.virtxend.local +++ /dev/null @@ -1 +0,0 @@ -# Site-specific additions and overrides for 'usr.sbin.virtxend' --=20 2.41.0
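
Review bot: The meson.build hunk leaves the upgrade path unaddressed: once the foreach over apparmor_gen_profiles is replaced by the single install_data() for 'usr.lib.libvirt.virt-aa-helper.local', the stubs for libvirtd, virtqemud and virtxend are no longer installed, but a host that already received them from the reverted commit may keep them under the 'local' directory. Those files were introduced as "Site-specific additions and overrides", so an admin may have put rules in them that no profile reads after this change. Please add a sentence to the commit message or NEWS saying that local overrides for these three profiles are ignored again, so nobody assumes a confinement adjustment is still in effect.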
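
Review bot: The commit message does not say how sites should carry local rules once the 'include if exists' line at the end of the libvirtd, virtqemud and virtxend profiles (the three .in hunks) is gone. It names only the 'if exists' form as the part the apparmor 2.x tools do not cope with, while the reverted meson loop shipped a stub for every generated profile, so the included file would always be present. Please state whether an unconditional include of the shipped stub was considered and why it was not enough, so the follow-up does not retry it. Without any hook, admins are left editing the installed profiles directly, and such edits can be overwritten or conflict on package update.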