From: Georgia Garcia
To: devel@lists.libvirt.org
CC: Georgia Garcia
Subject: [PATCH] virt-aa-helper: use 'include if exists' on .files
Date: Tue, 4 Jun 2024 14:34:56 -0300
Message-Id: <20240604173456.3533611-1-georgia.garcia@canonical.com>

Change the 'include' in the AppArmor policy to use 'include if exists'
when including .files. Note that 'if exists' is only available after
AppArmor 3.0, therefore a #ifdef check must be added.

When the .files is not present, there are some failures in the
AppArmor tools like the following, since they expect the file to exist
when using 'include':

ERROR: Include file /etc/apparmor.d/libvirt/libvirt-8534a409-a460-4fab-a2dd-0e1dce4ff273.files not found

Signed-off-by: Georgia Garcia
Reviewed-by: Michal Privoznik
---
 src/security/virt-aa-helper.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 0374581f07..402cbd9602 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1564,7 +1564,12 @@ main(int argc, char **argv) /* create the profile from TEMPLATE */ if (ctl->cmd =3D=3D 'c' || purged) { char *tmp =3D NULL; - tmp =3D g_strdup_printf(" #include \n", ctl= ->uuid); +#if defined(WITH_APPARMOR_3) + const char *ifexists =3D "if exists "; +#else + const char *ifexists =3D ""; +#endif + tmp =3D g_strdup_printf(" #include %s\n", i= fexists, ctl->uuid); =20 if (ctl->dryrun) { vah_info(profile); --=20 2.34.1
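
Review bot: The "#if defined(WITH_APPARMOR_3)" block chooses the "if exists " prefix at build time, but the generated profile is parsed by whichever AppArmor tools are installed on the host where virt-aa-helper runs. The commit message says 'if exists' needs AppArmor 3.0, so a binary built with WITH_APPARMOR_3 and run against an older parser would write an include line that parser rejects. Please state in the commit message or in a comment above "ifexists" that the build-time and runtime AppArmor versions are assumed to match. Two smaller points on the same hunk: the new include line is only written under "ctl->cmd == 'c' || purged", so profiles created before this change keep the plain include and will still produce the "Include file ... not found" error until they are regenerated, which is worth mentioning in the commit message. A one-line comment explaining that a missing .files is now skipped rather than reported would also help, since after this change a lost .files no longer shows up as a parser error.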