From nobody Tue Dec 16 04:35:53 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass(p=reject dis=none)  header.from=lists.libvirt.org
ARC-Seal: i=1; a=rsa-sha256; t=1743424691; cv=none;
	d=zohomail.com; s=zohoarc;
	b=jYDoxScDLpwGqEyQ09cIulvAcqVa1YDLBCfp1hwMV1x+7hkzzvx8CiHENPvS2uwhTplnGBFdmJgYA35HQrDIz9AV7wbRcz31/DdrdeuWzPcx+rVIrdDEpRlGIgrQweu54wxeimO+x5lTebIBb3eDm8e9IdeDQ9W1iyBkJmeAqbs=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1743424691;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id;
	bh=W/3ZLlA1bIiM6HoEI5UV3QWlrFlCGc2SKocRHL4R06M=;
	b=GgYQCh4C38+KARhUz1X4JpePLci9JPRx0PO/bJ8Rz8Tzbsy9T5jFr8DARJ2CVMp9Gm8JYBpC6NbP0HnE8sAiXxS4epWL1GDdxX4y+LlMfKSdl0+/PeLt2OU7qnIF1uj2tkGWKDIwBdTy8moT8VoEns9K1l4LJbZmS2zr23EjbxQ=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass header.from=<devel@lists.libvirt.org> (p=reject dis=none)
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1743424691815915.9137851732995;
 Mon, 31 Mar 2025 05:38:11 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id C089B11EF; Mon, 31 Mar 2025 08:38:10 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id 46FBB11C7;
	Mon, 31 Mar 2025 08:37:50 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id C6DFF11BA; Mon, 31 Mar 2025 08:37:47 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id DDDEA11A6
	for <devel@lists.libvirt.org>; Mon, 31 Mar 2025 08:37:46 -0400 (EDT)
Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-224-9mpGTWuuN9e83okFrXnWUg-1; Mon,
 31 Mar 2025 08:37:43 -0400
Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 38800187BE0C
	for <devel@lists.libvirt.org>; Mon, 31 Mar 2025 12:37:35 +0000 (UTC)
Received: from toolbx.redhat.com (unknown [10.42.28.36])
	by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 49967180B48A;
	Mon, 31 Mar 2025 12:37:34 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable
	autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1743424666;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=rhTxa7+F6za6gMEiN2aKKJ7fXUysLYuXGKxBU0rjMDU=;
	b=XZjNikgDS9HfS1Mjb8iAdJjTyhRU7SutScCpET8WJVv9bc8+Tdcp79c/zBr4NmKRvickev
	YX+rNsHwpZmwsJW+7x41J7XUGyRuXF2Js1Ig/PrGuEx1j1IMCMaFdPJEhVBDcaMIV3k1VR
	HUKunaA3ZxC8od+2vBIUQXlC5Otkjk8=
X-MC-Unique: 9mpGTWuuN9e83okFrXnWUg-1
X-Mimecast-MFC-AGG-ID: 9mpGTWuuN9e83okFrXnWUg_1743424663
To: devel@lists.libvirt.org
Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Subject: [PATCH v2 1/5] meson: mandate apparmor >= 3.0.0
Date: Mon, 31 Mar 2025 13:37:27 +0100
Message-ID: <20250331123731.1020743-2-berrange@redhat.com>
In-Reply-To: <20250331123731.1020743-1-berrange@redhat.com>
References: <20250331123731.1020743-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: D9JlTawmp3AKQXUh8mQB9t979In6-pKwSVcAjZ8rDeM_1743424663
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: FOIRC2TN3N366M5Y2HQ7RXNAFO4PTZCB
X-Message-ID-Hash: FOIRC2TN3N366M5Y2HQ7RXNAFO4PTZCB
X-MailFrom: berrange@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/FOIRC2TN3N366M5Y2HQ7RXNAFO4PTZCB/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9_via_Devel?=
 <devel@lists.libvirt.org>
Reply-To: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1743424695413019100
Content-Type: text/plain; charset="utf-8"

From: Daniel P. Berrang=C3=A9 <berrange@redhat.com>

We can now assume at least version three:

 * Debian 12: 3.0.8
 * openSUSE Leap 15.5: 3.0.4
 * openSUSE Leap 15.6: 3.1.7
 * Ubuntu 22.04: 3.0.4
 * Ubuntu 24.04: 4.0.0

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
---
 meson.build | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/meson.build b/meson.build
index 56823ca25b..d148d3de0b 100644
--- a/meson.build
+++ b/meson.build
@@ -926,12 +926,12 @@ if acl_dep.found()
   conf.set('WITH_LIBACL', 1)
 endif
=20
-apparmor_dep =3D dependency('libapparmor', required: get_option('apparmor'=
))
+apparmor_version =3D '3.0.0'
+apparmor_dep =3D dependency('libapparmor', version: '>=3D' + apparmor_vers=
ion,
+                          required: get_option('apparmor'))
 if apparmor_dep.found()
   conf.set('WITH_APPARMOR', 1)
-  if apparmor_dep.version().version_compare('>=3D3.0.0')
-    conf.set('WITH_APPARMOR_3', 1)
-  endif
+  conf.set('WITH_APPARMOR_3', 1)
   conf.set_quoted('APPARMOR_DIR', sysconfdir / 'apparmor.d')
   conf.set_quoted('APPARMOR_PROFILES_PATH', '/sys/kernel/security/apparmor=
/profiles')
 endif
--=20
2.48.1
From nobody Tue Dec 16 04:35:53 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass(p=reject dis=none)  header.from=lists.libvirt.org
ARC-Seal: i=1; a=rsa-sha256; t=1743424774; cv=none;
	d=zohomail.com; s=zohoarc;
	b=LqJyPFSLISeOSnF1PXIOtxUH1+ZTePJcWrqIlZbms/PRK0hK4oAwH3tHxXTgYGklFU3MMCmei5H6wizum2Rgf+P5gETY5dtWIljNzvrr/GKpgRYwdcxb5vqAdDivM4ZF12/+UIpOqpL6GbYo4gQwdUUF/TAB9+WsFQzJ7ti+bN0=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1743424774;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id;
	bh=bOu6Olz8k67ZoDl9PG3YrGfNWk4epbjf8KjQmofDRFA=;
	b=S+jbhnf0nL9WeAN84tYKaKeF/nY4kz4jFSruAYkkpgrbaznGUErpFcaaHyzIyZlpeP56zG4dDZDF43ZvqviXKxZQPWk7IQTSzadw6ZmKsNRoWmzlG63EVnK9Y1pqBsX437oeiAkVETcpBT+kxO7pOuOzAYhfOK5zHQ+Fnn8daSE=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass header.from=<devel@lists.libvirt.org> (p=reject dis=none)
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1743424774122207.22809857362085;
 Mon, 31 Mar 2025 05:39:34 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 442DB11AE; Mon, 31 Mar 2025 08:39:33 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id DB8061300;
	Mon, 31 Mar 2025 08:37:51 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 3203911B4; Mon, 31 Mar 2025 08:37:48 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 3B80011AA
	for <devel@lists.libvirt.org>; Mon, 31 Mar 2025 08:37:47 -0400 (EDT)
Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-456-3GlX98TJMYq1WTjkX_IDMA-1; Mon,
 31 Mar 2025 08:37:45 -0400
Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 84D9D180AF7A
	for <devel@lists.libvirt.org>; Mon, 31 Mar 2025 12:37:36 +0000 (UTC)
Received: from toolbx.redhat.com (unknown [10.42.28.36])
	by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 9B556180A803;
	Mon, 31 Mar 2025 12:37:35 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_VALIDITY_SAFE_BLOCKED,
	SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1743424667;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=W8JKxyETnJmpGnKJElJ8nhujAgD2a1wQuhooHd6QBfM=;
	b=F//CburSBI6KOyXvru7zHZM2CxVxgHzw/uVfesf3V3fQ9XQ697Ji1b9ueJYbSgL3uSTcX5
	LV5hjzasj3ERiorosfu5VVTmu359mPyhpiMXxFGLxhs+C3HZrL9P1tSG1PAM9kNxk6CmFY
	P9pSjsxDsuBk0BiPBi82e91On1NpTCs=
X-MC-Unique: 3GlX98TJMYq1WTjkX_IDMA-1
X-Mimecast-MFC-AGG-ID: 3GlX98TJMYq1WTjkX_IDMA_1743424664
To: devel@lists.libvirt.org
Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Subject: [PATCH v2 2/5] apparmor: assume at least apparmor >= 3
Date: Mon, 31 Mar 2025 13:37:28 +0100
Message-ID: <20250331123731.1020743-3-berrange@redhat.com>
In-Reply-To: <20250331123731.1020743-1-berrange@redhat.com>
References: <20250331123731.1020743-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: cT_yolNBbMcIwjXT4FF3yQrTfSsRXZF0jNkoI81GDdQ_1743424664
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: Z4MIDUZZTCODHFYT476NLBTP545V7CUM
X-Message-ID-Hash: Z4MIDUZZTCODHFYT476NLBTP545V7CUM
X-MailFrom: berrange@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/Z4MIDUZZTCODHFYT476NLBTP545V7CUM/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9_via_Devel?=
 <devel@lists.libvirt.org>
Reply-To: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1743424775375019100
Content-Type: text/plain; charset="utf-8"

From: Daniel P. Berrang=C3=A9 <berrange@redhat.com>

By assuming version 3, we can drop all the conditional version
substitutions from the profiles.

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
---
 src/security/apparmor/libvirt-lxc.in                    | 2 --
 src/security/apparmor/libvirt-qemu.in                   | 4 ----
 src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in | 5 -----
 src/security/apparmor/usr.sbin.libvirtd.in              | 2 --
 src/security/apparmor/usr.sbin.virtqemud.in             | 2 --
 src/security/apparmor/usr.sbin.virtxend.in              | 2 --
 6 files changed, 17 deletions(-)

diff --git a/src/security/apparmor/libvirt-lxc.in b/src/security/apparmor/l=
ibvirt-lxc.in
index ffe4d8f21f..11005e7c21 100644
--- a/src/security/apparmor/libvirt-lxc.in
+++ b/src/security/apparmor/libvirt-lxc.in
@@ -117,6 +117,4 @@
   deny /sys/fs/cgroup?*{,/**} wklx,
   deny /sys/fs?*{,/**} wklx,
=20
-@BEGIN_APPARMOR_3@
   include if exists <abstractions/libvirt-lxc.d>
-@END_APPARMOR_3@
diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/=
libvirt-qemu.in
index c63077574e..e4aceacd70 100644
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -190,7 +190,6 @@
   /usr/{lib,lib64}/libswtpm_libtpms.so mr,
   /usr/lib/@{multiarch}/libswtpm_libtpms.so mr,
=20
-@BEGIN_APPARMOR_3@
   # support for passt network back-end
   /usr/bin/passt Cx -> passt,
=20
@@ -206,7 +205,6 @@
=20
     include if exists <abstractions/passt>
   }
-@END_APPARMOR_3@
=20
   # for save and resume
   /{usr/,}bin/dash rmix,
@@ -281,6 +279,4 @@
   owner /var/lib/libvirt/qemu/nvram/*_VARS.fd rwk,
   owner /var/lib/libvirt/qemu/nvram/*_VARS.ms.fd rwk,
=20
-@BEGIN_APPARMOR_3@
   include if exists <abstractions/libvirt-qemu.d>
-@END_APPARMOR_3@
diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in b/src/=
security/apparmor/usr.lib.libvirt.virt-aa-helper.in
index 90a8b7072c..e209a8bff7 100644
--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
+++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
@@ -74,10 +74,5 @@ profile virt-aa-helper @libexecdir@/virt-aa-helper {
   /**.[iI][sS][oO] r,
   /**/disk{,.*} r,
=20
-@BEGIN_APPARMOR_3@
   include if exists <local/usr.lib.libvirt.virt-aa-helper>
-@END_APPARMOR_3@
-@BEGIN_APPARMOR_2@
-  #include <local/usr.lib.libvirt.virt-aa-helper>
-@END_APPARMOR_2@
 }
diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/appa=
rmor/usr.sbin.libvirtd.in
index 3659ddc219..6267e4f737 100644
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
@@ -144,7 +144,5 @@ profile libvirtd @sbindir@/libvirtd flags=3D(attach_dis=
connected) {
    /usr/{lib,lib64,lib/qemu,libexec,libexec/qemu}/qemu-bridge-helper rmix,
   }
=20
-@BEGIN_APPARMOR_3@
   include if exists <local/usr.sbin.libvirtd>
-@END_APPARMOR_3@
 }
diff --git a/src/security/apparmor/usr.sbin.virtqemud.in b/src/security/app=
armor/usr.sbin.virtqemud.in
index 86b23465b6..522c098af6 100644
--- a/src/security/apparmor/usr.sbin.virtqemud.in
+++ b/src/security/apparmor/usr.sbin.virtqemud.in
@@ -136,7 +136,5 @@ profile virtqemud @sbindir@/virtqemud flags=3D(attach_d=
isconnected) {
    /usr/{lib,lib64,lib/qemu,libexec,libexec/qemu}/qemu-bridge-helper rmix,
   }
=20
-@BEGIN_APPARMOR_3@
   include if exists <local/usr.sbin.virtqemud>
-@END_APPARMOR_3@
 }
diff --git a/src/security/apparmor/usr.sbin.virtxend.in b/src/security/appa=
rmor/usr.sbin.virtxend.in
index 77fedce352..324a000391 100644
--- a/src/security/apparmor/usr.sbin.virtxend.in
+++ b/src/security/apparmor/usr.sbin.virtxend.in
@@ -55,7 +55,5 @@ profile virtxend @sbindir@/virtxend flags=3D(attach_disco=
nnected) {
   /etc/libvirt/hooks/** rmix,
   /etc/xen/scripts/** rmix,
=20
-@BEGIN_APPARMOR_3@
   include if exists <local/usr.sbin.virtxend>
-@END_APPARMOR_3@
 }
--=20
2.48.1
From nobody Tue Dec 16 04:35:53 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass(p=reject dis=none)  header.from=lists.libvirt.org
ARC-Seal: i=1; a=rsa-sha256; t=1743424794; cv=none;
	d=zohomail.com; s=zohoarc;
	b=HszDootkmr2Ir6XrH/ikQ6M/wAzFfEfd1DHzAI4IY/c4pkzvhgX+DNEHYNGbq+cVXf/74YjUCGeSpD2YAYPpFyp72rdQ73+wTA2bhVSUieMZj3w37v+yDklmdVEWe1wG6AyWZfdLfKdD36a22AwtyYBzjDR+nBJdPyiSnEOFs7k=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1743424794;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id;
	bh=Dq7eb7rtZ/UcdI+nO48Ji8aHW9xjWHrrgn54RHY+eNg=;
	b=dh24sK3c0rSaudQ0PACu4eJE3Ziug2Ycvi1dcOYAltrEiRTOXJgQvw1LkW4TmUWNANGyiiP1zaJNl2FCtCpwbnohoJ6mud97bX2wC3xhv4gAlm0AWY9hyujVCKdZCB1PWjc5Vz2hnKyYIfTA/gXBYOM2gHEPf5Jkcy9L0CR2qEU=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass header.from=<devel@lists.libvirt.org> (p=reject dis=none)
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1743424794746514.5837812385486;
 Mon, 31 Mar 2025 05:39:54 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 2489312F7; Mon, 31 Mar 2025 08:39:54 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id C02611325;
	Mon, 31 Mar 2025 08:37:54 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 467F911AA; Mon, 31 Mar 2025 08:37:48 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id AE20811B1
	for <devel@lists.libvirt.org>; Mon, 31 Mar 2025 08:37:47 -0400 (EDT)
Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-435-6hN9WgViOeWTaGCTsPTReg-1; Mon,
 31 Mar 2025 08:37:45 -0400
Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id C8DD3180AF74
	for <devel@lists.libvirt.org>; Mon, 31 Mar 2025 12:37:37 +0000 (UTC)
Received: from toolbx.redhat.com (unknown [10.42.28.36])
	by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id E8945180A803;
	Mon, 31 Mar 2025 12:37:36 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5,
	RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable
	autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1743424667;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=R0V6Zrs6r5L29DZ84GWYpcKhg0vQyXaBdyqVmNFoHkk=;
	b=VNTlg7KWgS9fdQR2jttn9PLteo2CS6EwjJ4AxNDi2J8HRuEh+CUvYWzVKVIOxoMHhlz5mL
	BwpMBbQJ57b5UYEJqZwqDbboq7VsqWNTb5lnCyYKG5x3pMsEJ51XUexGgOH/MH4tJwTpGO
	6CCDzjFk8BsMzuPYBQ9H/fhm3VBp6EE=
X-MC-Unique: 6hN9WgViOeWTaGCTsPTReg-1
X-Mimecast-MFC-AGG-ID: 6hN9WgViOeWTaGCTsPTReg_1743424665
To: devel@lists.libvirt.org
Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Subject: [PATCH v2 3/5] Revert "apparmor: Allow version-specific bits in
 abstractions too"
Date: Mon, 31 Mar 2025 13:37:29 +0100
Message-ID: <20250331123731.1020743-4-berrange@redhat.com>
In-Reply-To: <20250331123731.1020743-1-berrange@redhat.com>
References: <20250331123731.1020743-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: 9KqASNCBtMhV_kwTucQctRf80n07cTqt1JwLDs4VxWY_1743424665
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: UTO2I2RJAQIVTOMDLLGKBEHDJSAYMCKP
X-Message-ID-Hash: UTO2I2RJAQIVTOMDLLGKBEHDJSAYMCKP
X-MailFrom: berrange@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/UTO2I2RJAQIVTOMDLLGKBEHDJSAYMCKP/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9_via_Devel?=
 <devel@lists.libvirt.org>
Reply-To: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1743424796129019000
Content-Type: text/plain; charset="utf-8"

From: Daniel P. Berrang=C3=A9 <berrange@redhat.com>

This reverts commit 63a312fa2d3be0e34a8989deddd39792fc9badf6.

There is no longer any need to dynamically generate version specific
rules. This revert can be reverted, if the need ever arises again
in the future.

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
---
 .../apparmor/{libvirt-lxc.in =3D> libvirt-lxc}  |  0
 .../{libvirt-qemu.in =3D> libvirt-qemu}         |  0
 src/security/apparmor/meson.build             | 19 ++++---------------
 3 files changed, 4 insertions(+), 15 deletions(-)
 rename src/security/apparmor/{libvirt-lxc.in =3D> libvirt-lxc} (100%)
 rename src/security/apparmor/{libvirt-qemu.in =3D> libvirt-qemu} (100%)

diff --git a/src/security/apparmor/libvirt-lxc.in b/src/security/apparmor/l=
ibvirt-lxc
similarity index 100%
rename from src/security/apparmor/libvirt-lxc.in
rename to src/security/apparmor/libvirt-lxc
diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/=
libvirt-qemu
similarity index 100%
rename from src/security/apparmor/libvirt-qemu.in
rename to src/security/apparmor/libvirt-qemu
diff --git a/src/security/apparmor/meson.build b/src/security/apparmor/meso=
n.build
index b9257c816d..356951c7f1 100644
--- a/src/security/apparmor/meson.build
+++ b/src/security/apparmor/meson.build
@@ -5,11 +5,6 @@ apparmor_gen_profiles =3D [
   'usr.sbin.virtxend',
 ]
=20
-apparmor_gen_abstractions =3D [
-  'libvirt-qemu',
-  'libvirt-lxc',
-]
-
 apparmor_gen_profiles_conf =3D configuration_data({
   'sysconfdir': sysconfdir,
   'sbindir': sbindir,
@@ -61,16 +56,10 @@ foreach name : apparmor_gen_profiles
   )
 endforeach
=20
-foreach name : apparmor_gen_abstractions
-  configure_file(
-    input: '@0@.in'.format(name),
-    output: name,
-    command: apparmor_gen_cmd,
-    capture: true,
-    install: true,
-    install_dir: apparmor_dir / 'abstractions',
-  )
-endforeach
+install_data(
+  [ 'libvirt-qemu', 'libvirt-lxc' ],
+  install_dir: apparmor_dir / 'abstractions',
+)
=20
 install_data(
   [ 'TEMPLATE.qemu', 'TEMPLATE.lxc' ],
--=20
2.48.1
From nobody Tue Dec 16 04:35:53 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass(p=reject dis=none)  header.from=lists.libvirt.org
ARC-Seal: i=1; a=rsa-sha256; t=1743424819; cv=none;
	d=zohomail.com; s=zohoarc;
	b=ZmeIz7Pw3U10FIrHGPvBtqccXZxFnXF8q8WL4xdZhglIOXPB8xh1WyQpHqXY4dmV6FvwMLrggfVf7x35YGCPHYZfZhCvInM7/1Z1BPTxNmV6MkIxSR5LpmUwYqWLhb8jkfqSfv9e+yTmPqKAJY7OiURnU4QW1LNqP8+0S6xu/rk=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1743424819;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id;
	bh=rcoZCDyqUAKGuVQUOGiRpWqmDuqNyml48kDMHM53GDs=;
	b=LN9sgYJPB5u33zRlKwH1nYILGDRi7GzzwPGK9fXAjHXjjX/M5W3st7eMuTF7QZQVoTwNlG87PFG5e2YBYhaUYWfQ8sOXItSV5W5g7k8KeJfwEswlNMNG/VS+Stv4PdPbnvmra17QQYqrvrPHZl5fFScdDV4RDVXBSZZmQiNyins=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass header.from=<devel@lists.libvirt.org> (p=reject dis=none)
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 1743424819827594.1971338421282;
 Mon, 31 Mar 2025 05:40:19 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 4A7461364; Mon, 31 Mar 2025 08:40:19 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id 62FE41235;
	Mon, 31 Mar 2025 08:37:57 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 48CFC11A8; Mon, 31 Mar 2025 08:37:48 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.129.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id 8D32311AC
	for <devel@lists.libvirt.org>; Mon, 31 Mar 2025 08:37:47 -0400 (EDT)
Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-495-xYHcCRWOMnOr7l27BYJzow-1; Mon,
 31 Mar 2025 08:37:46 -0400
Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 10E4F1828B5F
	for <devel@lists.libvirt.org>; Mon, 31 Mar 2025 12:37:39 +0000 (UTC)
Received: from toolbx.redhat.com (unknown [10.42.28.36])
	by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 34ECA180A803;
	Mon, 31 Mar 2025 12:37:38 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5,
	RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable
	autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1743424667;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=1OeJ98Yx8uyMo+kzOhN7+IzFn+CGGPICF0ruHyJb0qQ=;
	b=STr//aUSuPbsE3u9PcTnmX7uluQUVUE91jpwNLaxcqg1ugr1mOQu6m8lf+V7HXiLzeTBCj
	JvBZ1+QmwJJ6ej59tDsYcz7MGEqkWrdJZmkRdozDBvesVC6XkBiHTwN1PDA7XHVnfqh1HB
	4EUYE/FjxiornvUU2MBoaKn40mk1p8E=
X-MC-Unique: xYHcCRWOMnOr7l27BYJzow-1
X-Mimecast-MFC-AGG-ID: xYHcCRWOMnOr7l27BYJzow_1743424665
To: devel@lists.libvirt.org
Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Subject: [PATCH v2 4/5] Revert "apparmor: Allow version-specific bits in
 profiles"
Date: Mon, 31 Mar 2025 13:37:30 +0100
Message-ID: <20250331123731.1020743-5-berrange@redhat.com>
In-Reply-To: <20250331123731.1020743-1-berrange@redhat.com>
References: <20250331123731.1020743-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: 0CIFUPTUPjwdkiVbPAnxEYnlcM25ZQpI6s70VYcwuT4_1743424665
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: ZNX4POJI5P2QBN2EWQO4F54XLWLYOU26
X-Message-ID-Hash: ZNX4POJI5P2QBN2EWQO4F54XLWLYOU26
X-MailFrom: berrange@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/ZNX4POJI5P2QBN2EWQO4F54XLWLYOU26/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9_via_Devel?=
 <devel@lists.libvirt.org>
Reply-To: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1743424820393019000
Content-Type: text/plain; charset="utf-8"

From: Daniel P. Berrang=C3=A9 <berrange@redhat.com>

This reverts commit 19eb8abc9a4d15190852d644b773a2348f11c9da.

There is no longer any need to dynamically generate version specific
rules. This revert can be reverted, if the need ever arises again
in the future.

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
---
 src/security/apparmor/meson.build | 34 +------------------------------
 1 file changed, 1 insertion(+), 33 deletions(-)

diff --git a/src/security/apparmor/meson.build b/src/security/apparmor/meso=
n.build
index 356951c7f1..18968677df 100644
--- a/src/security/apparmor/meson.build
+++ b/src/security/apparmor/meson.build
@@ -14,41 +14,9 @@ apparmor_gen_profiles_conf =3D configuration_data({
=20
 apparmor_dir =3D sysconfdir / 'apparmor.d'
=20
-# Our profiles use some features that only work well on AppArmor 3.x,
-# specifically the 'include if exists' directive. In order to keep
-# supporting AppArmor 2.x, the bits that are version-specific are
-# enclosed in special markers and we decide which ones to include
-# based on the AppArmor version detected on the host.
-#
-# TODO: drop the additional complexity once we no longer target
-#       distros that ship AppArmor 2.x (Debian 11, Ubuntu 20.04)
-if conf.has('WITH_APPARMOR_3')
-  apparmor_gen_cmd =3D [
-    'sed',
-    '-e', '/[@]BEGIN_APPARMOR_3[@]/d',
-    '-e', '/[@]END_APPARMOR_3[@]/d',
-    '-e', '/[@]BEGIN_APPARMOR_2[@]/,/[@]END_APPARMOR_2[@]/d',
-    '@INPUT@'
-  ]
-else
-  apparmor_gen_cmd =3D [
-    'sed',
-    '-e', '/[@]BEGIN_APPARMOR_3[@]/,/[@]END_APPARMOR_3[@]/d',
-    '-e', '/[@]BEGIN_APPARMOR_2[@]/d',
-    '-e', '/[@]END_APPARMOR_2[@]/d',
-    '@INPUT@'
-  ]
-endif
-
 foreach name : apparmor_gen_profiles
-  tmp =3D configure_file(
-    input: '@0@.in'.format(name),
-    output: '@0@.tmp'.format(name),
-    command: apparmor_gen_cmd,
-    capture: true,
-  )
   configure_file(
-    input: tmp,
+    input: '@0@.in'.format(name),
     output: name,
     configuration: apparmor_gen_profiles_conf,
     install: true,
--=20
2.48.1
From nobody Tue Dec 16 04:35:53 2025
Delivered-To: importer@patchew.org
Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates
 8.43.85.245 as permitted sender) client-ip=8.43.85.245;
 envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org;
Authentication-Results: mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass(p=reject dis=none)  header.from=lists.libvirt.org
ARC-Seal: i=1; a=rsa-sha256; t=1743424839; cv=none;
	d=zohomail.com; s=zohoarc;
	b=QxLKZfsDHLpo9pYr7fJ8t3PZNAi3XpLP9YSgA552XovCiYAmIH7EuWdGEhDBSOw8bjtReDHBiEJsLrZvDjjXeHjDSBcxFHylsAbTHGG+Ixff+ImsyMJJfuLT0IrhnVZJchAaFyM4shFfM3F9VSip53r7W7ezP0RQyglWg0omZ6A=
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com;
 s=zohoarc;
	t=1743424839;
 h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id;
	bh=MatpvC7W5xGycTomSmOuKYJ1UcuDraxz6BBE8QWTsE0=;
	b=WX1EUfx9C9hcV9chJGB6iaGFamx3T+j5BJTqH3CwwGe98b96PknzA+IjrA5PD8KY8qGs/MRkysW1X0jLKxRUhQmzn5k1lv6uojw4rPJ0aOoCwd99+Id2OCIZnpLIX8JtHFqNRDNSfI/osSdoXUjD6KCh0NQSM41jvLKKpVaOtkk=
ARC-Authentication-Results: i=1; mx.zohomail.com;
	dkim=fail;
	spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as
 permitted sender)  smtp.mailfrom=devel-bounces@lists.libvirt.org;
	dmarc=pass header.from=<devel@lists.libvirt.org> (p=reject dis=none)
Return-Path: <devel-bounces@lists.libvirt.org>
Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by
 mx.zohomail.com
	with SMTPS id 174342483927976.57414977066674;
 Mon, 31 Mar 2025 05:40:39 -0700 (PDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 58F001256; Mon, 31 Mar 2025 08:40:38 -0400 (EDT)
Received: from lists.libvirt.org (localhost [IPv6:::1])
	by lists.libvirt.org (Postfix) with ESMTP id 6C125135D;
	Mon, 31 Mar 2025 08:37:59 -0400 (EDT)
Received: by lists.libvirt.org (Postfix, from userid 996)
	id 5F9B811AA; Mon, 31 Mar 2025 08:37:48 -0400 (EDT)
Received: from us-smtp-delivery-124.mimecast.com
 (us-smtp-delivery-124.mimecast.com [170.10.133.124])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by lists.libvirt.org (Postfix) with ESMTPS id DD72411A6
	for <devel@lists.libvirt.org>; Mon, 31 Mar 2025 08:37:47 -0400 (EDT)
Received: from mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com
 (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by
 relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3,
 cipher=TLS_AES_256_GCM_SHA384) id us-mta-348-SyfbKun_NUyM9kdjGSVSqg-1; Mon,
 31 Mar 2025 08:37:46 -0400
Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com
 (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
	 key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest
 SHA256)
	(No client certificate requested)
	by mx-prod-mc-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS
 id 7A0E8180886C
	for <devel@lists.libvirt.org>; Mon, 31 Mar 2025 12:37:40 +0000 (UTC)
Received: from toolbx.redhat.com (unknown [10.42.28.36])
	by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP
 id 9DAD5180A803;
	Mon, 31 Mar 2025 12:37:39 +0000 (UTC)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org
X-Spam-Level: 
X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED,
	MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_VALIDITY_RPBL_BLOCKED,
	RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable
	autolearn_force=no version=3.4.4
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com;
	s=mimecast20190719; t=1743424667;
	h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
	 to:to:cc:cc:mime-version:mime-version:content-type:content-type:
	 content-transfer-encoding:content-transfer-encoding:
	 in-reply-to:in-reply-to:references:references;
	bh=jj30kUEzldTBlkMsRty9MQPfrqDsE7mtDJW4RQz8gAI=;
	b=BeZWTzlGzkMHigTfkKE1p1hDPB1NnYjgZbOcjvdv0k/QLflZEZ+jCOAu3zj8z3OZW2baMR
	wcxMnYzF7kJCsO+mRsuDb6453Qsn1NhkN233xSMC59rf7XD7xxy0nOJSLZ8sJb9qnYCDyx
	VLXLp11GLHq0VRr+ocSx7jJc2Ft8WSU=
X-MC-Unique: SyfbKun_NUyM9kdjGSVSqg-1
X-Mimecast-MFC-AGG-ID: SyfbKun_NUyM9kdjGSVSqg_1743424665
To: devel@lists.libvirt.org
Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
Subject: [PATCH v2 5/5] meson: drop remaining checks for apparmor version
Date: Mon, 31 Mar 2025 13:37:31 +0100
Message-ID: <20250331123731.1020743-6-berrange@redhat.com>
In-Reply-To: <20250331123731.1020743-1-berrange@redhat.com>
References: <20250331123731.1020743-1-berrange@redhat.com>
MIME-Version: 1.0
X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93
X-Mimecast-Spam-Score: 0
X-Mimecast-MFC-PROC-ID: G3Anac9mdtr0DcZS4_iFxqC5RvIfpK4Wr9_0XwOP5MQ_1743424665
X-Mimecast-Originator: redhat.com
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: R5PV7Y32T2G33ZMZYNZAI22WZDFSIMNO
X-Message-ID-Hash: R5PV7Y32T2G33ZMZYNZAI22WZDFSIMNO
X-MailFrom: berrange@redhat.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency;
 loop; banned-address; member-moderation; header-match-config-1;
 header-match-config-2; header-match-config-3;
 header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia;
 implicit-dest; max-recipients; max-size; news-moderation; no-subject;
 suspicious-header
X-Mailman-Version: 3.2.2
Precedence: list
List-Id: Development discussions about the libvirt library & tools
 <devel.lists.libvirt.org>
Archived-At: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/message/R5PV7Y32T2G33ZMZYNZAI22WZDFSIMNO/>
List-Archive: 
 <https://lists.libvirt.org/archives/list/devel@lists.libvirt.org/>
List-Help: <mailto:devel-request@lists.libvirt.org?subject=help>
List-Post: <mailto:devel@lists.libvirt.org>
List-Subscribe: <mailto:devel-join@lists.libvirt.org>
List-Unsubscribe: <mailto:devel-leave@lists.libvirt.org>
From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9_via_Devel?=
 <devel@lists.libvirt.org>
Reply-To: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= <berrange@redhat.com>
X-ZohoMail-DKIM: fail (Header signature does not verify)
X-ZM-MESSAGEID: 1743424841488019100
Content-Type: text/plain; charset="utf-8"

From: Daniel P. Berrang=C3=A9 <berrange@redhat.com>

Now that we mandate version 3, any remaining conditional checks
in meson/source code can be removed.

Signed-off-by: Daniel P. Berrang=C3=A9 <berrange@redhat.com>
Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
---
 meson.build                       |  1 -
 src/security/apparmor/meson.build | 11 -----------
 src/security/virt-aa-helper.c     |  9 ++-------
 3 files changed, 2 insertions(+), 19 deletions(-)

diff --git a/meson.build b/meson.build
index d148d3de0b..c267d52672 100644
--- a/meson.build
+++ b/meson.build
@@ -931,7 +931,6 @@ apparmor_dep =3D dependency('libapparmor', version: '>=
=3D' + apparmor_version,
                           required: get_option('apparmor'))
 if apparmor_dep.found()
   conf.set('WITH_APPARMOR', 1)
-  conf.set('WITH_APPARMOR_3', 1)
   conf.set_quoted('APPARMOR_DIR', sysconfdir / 'apparmor.d')
   conf.set_quoted('APPARMOR_PROFILES_PATH', '/sys/kernel/security/apparmor=
/profiles')
 endif
diff --git a/src/security/apparmor/meson.build b/src/security/apparmor/meso=
n.build
index 18968677df..09d9fac02c 100644
--- a/src/security/apparmor/meson.build
+++ b/src/security/apparmor/meson.build
@@ -33,14 +33,3 @@ install_data(
   [ 'TEMPLATE.qemu', 'TEMPLATE.lxc' ],
   install_dir: apparmor_dir / 'libvirt',
 )
-
-if not conf.has('WITH_APPARMOR_3')
-  # We only install the empty local override for AppArmor 2.x. For
-  # AppArmor 3.x, upstream's preference is to avoid creating these
-  # files in order to limit the amount of filesystem clutter.
-  install_data(
-    'usr.lib.libvirt.virt-aa-helper.local',
-    install_dir: apparmor_dir / 'local',
-    rename: 'usr.lib.libvirt.virt-aa-helper',
-  )
-endif
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 034c042007..e3802c18be 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -1560,13 +1560,8 @@ main(int argc, char **argv)
=20
         /* create the profile from TEMPLATE */
         if (ctl->cmd =3D=3D 'c' || purged) {
-            g_autofree char *tmp =3D NULL;
-#if defined(WITH_APPARMOR_3)
-            const char *ifexists =3D "if exists ";
-#else
-            const char *ifexists =3D "";
-#endif
-            tmp =3D g_strdup_printf("  #include %s<libvirt/%s.files>\n", i=
fexists, ctl->uuid);
+            g_autofree char *tmp =3D g_strdup_printf(
+                "  #include if exists <libvirt/%s.files>\n", ctl->uuid);
=20
             if (ctl->dryrun) {
                 vah_info(profile);
--=20
2.48.1