[libvirt PATCH 0/8] apparmor: Improve overrides, fix 2.x compatibility

Andrea Bolognani posted 8 patches 10 months, 1 week ago
[libvirt PATCH 0/8] apparmor: Improve overrides, fix 2.x compatibility
Posted by Andrea Bolognani 10 months, 1 week ago
An alternative to Jim's attempt[1]. See [2] for the discussion
leading up to these changes.

[1] https://listman.redhat.com/archives/libvir-list/2023-June/240531.html
[2] https://listman.redhat.com/archives/libvir-list/2023-June/240251.html

Andrea Bolognani (8):
  meson: Detect AppArmor 3.x
  apparmor: Allow version-specific bits in profiles
  apparmor: Allow version-specific bits in abstractions too
  apparmor: Only support passt on 3.x
  apparmor: Make abstractions extensible
  apparmor: Improve virt-aa-helper include
  apparmor: Make all profiles extensible
  NEWS: Mention overrides for AppArmor profiles and abstractions

 NEWS.rst                                      |  8 +++
 meson.build                                   |  3 +
 .../apparmor/{libvirt-lxc => libvirt-lxc.in}  |  4 ++
 .../{libvirt-qemu => libvirt-qemu.in}         |  6 ++
 src/security/apparmor/meson.build             | 68 ++++++++++++++++---
 .../usr.lib.libvirt.virt-aa-helper.in         |  5 ++
 src/security/apparmor/usr.sbin.libvirtd.in    |  4 ++
 src/security/apparmor/usr.sbin.virtqemud.in   |  4 ++
 src/security/apparmor/usr.sbin.virtxend.in    |  4 ++
 9 files changed, 96 insertions(+), 10 deletions(-)
 rename src/security/apparmor/{libvirt-lxc => libvirt-lxc.in} (98%)
 rename src/security/apparmor/{libvirt-qemu => libvirt-qemu.in} (98%)

-- 
2.41.0
Re: [libvirt PATCH 0/8] apparmor: Improve overrides, fix 2.x compatibility
Posted by Jim Fehlig 10 months, 1 week ago
On 6/29/23 07:14, Andrea Bolognani wrote:
> An alternative to Jim's attempt[1]. See [2] for the discussion
> leading up to these changes.
> 
> [1] https://listman.redhat.com/archives/libvir-list/2023-June/240531.html
> [2] https://listman.redhat.com/archives/libvir-list/2023-June/240251.html
> 
> Andrea Bolognani (8):
>    meson: Detect AppArmor 3.x
>    apparmor: Allow version-specific bits in profiles
>    apparmor: Allow version-specific bits in abstractions too
>    apparmor: Only support passt on 3.x
>    apparmor: Make abstractions extensible
>    apparmor: Improve virt-aa-helper include
>    apparmor: Make all profiles extensible
>    NEWS: Mention overrides for AppArmor profiles and abstractions
> 
>   NEWS.rst                                      |  8 +++
>   meson.build                                   |  3 +
>   .../apparmor/{libvirt-lxc => libvirt-lxc.in}  |  4 ++
>   .../{libvirt-qemu => libvirt-qemu.in}         |  6 ++
>   src/security/apparmor/meson.build             | 68 ++++++++++++++++---
>   .../usr.lib.libvirt.virt-aa-helper.in         |  5 ++
>   src/security/apparmor/usr.sbin.libvirtd.in    |  4 ++
>   src/security/apparmor/usr.sbin.virtqemud.in   |  4 ++
>   src/security/apparmor/usr.sbin.virtxend.in    |  4 ++
>   9 files changed, 96 insertions(+), 10 deletions(-)
>   rename src/security/apparmor/{libvirt-lxc => libvirt-lxc.in} (98%)
>   rename src/security/apparmor/{libvirt-qemu => libvirt-qemu.in} (98%)
> 

Nice work! Much better than the profile duplication, although I still think 
zapping 2.x support is easier with my hack :-P.

Reviewed-by: Jim Fehlig <jfehlig@suse.com>

Regards,
Jim