From nobody Tue Jan 21 04:22:46 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1736195494; cv=none; d=zohomail.com; s=zohoarc; b=TOHC0qmveoHkx561gCqtgH/7sNC+PW8z61obIRywlNjt7NkS6TwI+9uP4onItzKhgLNjFa0ri2R425mXzQG8WYyW2Ht5FuOPI79HcyS32cc6ngxW9v/FQU1kBZGqd/Wfu2IplR46IqzAFQiW4D/lTxtA/OmMB/36TFa6IcurbVQ= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1736195494; h=Content-Transfer-Encoding:Date:Date:From:From:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:Subject:Subject:To:To:Message-Id:Cc; bh=GDuHqwG1tNMLKx6wuv/Y7L0+39N4S44nEUZFG/zWZz4=; b=JskJrMuwCm6uc7h1sKHtCmHtznFz4loTQqiBSrpB0g5UDgzRcKRYaVyboVK+eqKrtt+48qsPFDL7A/TuDLY6CYoTYd2KJE4OiWLvYHowaoSRtgwc34MMa4Hp8gyIcJqltQCHKl6Ggs3YyVWxQaQjKSMHxAEbQo78Xp6fO8qfeOM= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1736195494473532.6810435588665; Mon, 6 Jan 2025 12:31:34 -0800 (PST) Received: by lists.libvirt.org (Postfix, from userid 996) id 73FCDC03; Mon, 6 Jan 2025 15:31:33 -0500 (EST) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id D6868B34; Mon, 6 Jan 2025 15:31:16 -0500 (EST) Received: by lists.libvirt.org (Postfix, from userid 996) id CEB53A7B; Mon, 6 Jan 2025 15:31:13 -0500 (EST) Received: from mail-ej1-f49.google.com (mail-ej1-f49.google.com [209.85.218.49]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 6DFC3A7B for ; Mon, 6 Jan 2025 15:31:12 -0500 (EST) Received: by mail-ej1-f49.google.com with SMTP id a640c23a62f3a-aa67333f7d2so2156918466b.0 for ; Mon, 06 Jan 2025 12:31:12 -0800 (PST) Received: from localhost (75-169-8-111.slkc.qwest.net. [75.169.8.111]) by smtp.gmail.com with ESMTPSA id d2e1a72fcca58-72aad8dbb5asm31749547b3a.93.2025.01.06.12.31.10 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 06 Jan 2025 12:31:10 -0800 (PST) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H3, RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=suse.com; s=google; t=1736195471; x=1736800271; darn=lists.libvirt.org; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:from:to:cc:subject:date:message-id:reply-to; bh=5ukF/X5aQkh/pFmVrbFDXzTfw7VHxpl18Q305f71swU=; b=BcA6N8wi4ab/wQBHWphNDdvrb8IiznnZgnoEDIxAHKjWfoiUNIg3M/8VTJj1oEE+j9 kf4My6Om5ZL7I3I5/QhRfwEdrFLzJdIaF566C/eixDOzZwcxcCEDIpKjx+UlXXl+SsWp k7hYk8i44OZm8J83TlpGkkMx4MR5jM9cccKBRBRI/itkzOcqKi32o1SupXO7QsQ+lQcl p6Mggrm8oPAg6Eyl8c2FTxfksw+ZL0w9MHYekJBhtEV57LCf9eDDNu4TWK3nkod1f/lS IgHMX4+NO0WGY/AuevCHCCNa807HgQvvVLzr+FXtsLJOWN7iedkb4ODJ/PDIwYzqAemm sFiA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1736195471; x=1736800271; h=content-transfer-encoding:mime-version:message-id:date:subject:to :from:x-gm-message-state:from:to:cc:subject:date:message-id:reply-to; bh=5ukF/X5aQkh/pFmVrbFDXzTfw7VHxpl18Q305f71swU=; b=RXQKtKDc4jG/8eF4wGg/jK5+3brUPMif1E91BapSFw5dXYEmewvBvYSD2+2nayQ7QY IqhFoOpWIvAvqXBZV4Md6LNASzYUacZwMZU8fEwg8BJ/H4QFENBDdkv9sFkFxWlTty7c 9vsSehpPTbQpOXQ97BYwo1/Kvaf2waIpeOZoRGhoUm3BVaD7vFVycRXuyAGLjt9tURBt sutm5ATSyqjzCxtozi7Jr53qnNBNyQu0nQmBMFG4RX9KTB3itr8cCyOTjLw4ZznFv3mh eYPnKd60ZhhrcKFFFWoZXQCFgkvQZ+Z63ENXj4ZwEBq17IZhfLLleMsb3nF/wgziO/sy wAhA== X-Gm-Message-State: AOJu0Yx6XzeUf52yWRUZM0Ohx8UV4L+QQzLveKDVUnKAIFzp4rmD9F3x GPhuL4xI+ehLN7GFlE2OeRxheXzcKtwIbPZiemEzRS7rj7deNRd0EUV+JygoOLObj4e7+GAjIFS e X-Gm-Gg: ASbGncs8ZCT8/2qn6ULmsoEzZTSS0dpWeRLxdnB9Qxi+dJWeNIlsUYsgrAgtY2iw0t7 XdhVm5zXOFEIQtgJDq35m+4FUO6qoi/C6KR2bM8VK0UF0crNP9b2ieW47eV08WB/b/GxgmMLShQ 4o7lvp0p8it5cWUuPRxBSswQX2ZtxRSjavsdl63lCQ3Jj2ElEyUNHyO8ToDC/UBH4hnMesJA6Mj UYgPLRQipbeVvOmRhEKEAvPXaeqNI4mlCHsQAfWhRf110q2fcR2v4uH75w8P/ACgWeLswyJs38= X-Google-Smtp-Source: AGHT+IHcmGWIHesWLKKESxXj/ytISozZzH+la7MyQxCqKIYGUhwj4/Kj3d6PtrpnOPdOh+OynqcQ1A== X-Received: by 2002:a17:906:c142:b0:aa6:87e8:1d08 with SMTP id a640c23a62f3a-aac2703377cmr4259137666b.8.1736195471147; Mon, 06 Jan 2025 12:31:11 -0800 (PST) To: devel@lists.libvirt.org Subject: [PATCH] security: apparmor: Remove hardcoded "libvirtd" profile name Date: Mon, 6 Jan 2025 13:30:45 -0700 Message-ID: <20250106203109.22058-1-jfehlig@suse.com> X-Mailer: git-send-email 2.43.0 MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Message-ID-Hash: ZQBYOPXXSFCWTDXF6OCDSGXJ4SVBIACC X-Message-ID-Hash: ZQBYOPXXSFCWTDXF6OCDSGXJ4SVBIACC X-MailFrom: jfehlig@suse.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: From: Jim Fehlig via Devel Reply-To: Jim Fehlig X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1736195495451116600 Content-Type: text/plain; charset="utf-8" The apparmor driver probe function checks for an active profile matching the full path of the running daemon binary. If not found, it checks for a profile named "libvirtd". This works fine when the running daemon is the old monolithic libvirtd, but fails with modular daemons. Remove the check for a hardcoded "libvirtd" profile and replace with the basename of the running daemon binary. Signed-off-by: Jim Fehlig Reviewed-by: Daniel P. Berrang=C3=A9 --- src/security/security_apparmor.c | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/security/security_apparmor.c b/src/security/security_appar= mor.c index c8e77c6cd2..eed0f265d6 100644 --- a/src/security/security_apparmor.c +++ b/src/security/security_apparmor.c @@ -239,7 +239,9 @@ use_apparmor(void) */ rc =3D profile_status(libvirt_daemon, 1); if (rc < 0) { - rc =3D profile_status("libvirtd", 1); + g_autofree char *basename =3D g_path_get_basename(libvirt_daemon); + + rc =3D profile_status(basename, 1); /* Error or unconfined should all result in -1 */ if (rc < 0) rc =3D -1; --=20 2.43.0