From nobody Tue Dec 16 12:42:01 2025 Delivered-To: importer@patchew.org Received-SPF: pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) client-ip=8.43.85.245; envelope-from=devel-bounces@lists.libvirt.org; helo=lists.libvirt.org; Authentication-Results: mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass(p=reject dis=none) header.from=lists.libvirt.org ARC-Seal: i=1; a=rsa-sha256; t=1743424819; cv=none; d=zohomail.com; s=zohoarc; b=ZmeIz7Pw3U10FIrHGPvBtqccXZxFnXF8q8WL4xdZhglIOXPB8xh1WyQpHqXY4dmV6FvwMLrggfVf7x35YGCPHYZfZhCvInM7/1Z1BPTxNmV6MkIxSR5LpmUwYqWLhb8jkfqSfv9e+yTmPqKAJY7OiURnU4QW1LNqP8+0S6xu/rk= ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=zohomail.com; s=zohoarc; t=1743424819; h=Content-Type:Content-Transfer-Encoding:Cc:Cc:Date:Date:From:From:In-Reply-To:List-Subscribe:List-Post:List-Id:List-Archive:List-Help:List-Unsubscribe:MIME-Version:Message-ID:Reply-To:Reply-To:References:Subject:Subject:To:To:Message-Id; bh=rcoZCDyqUAKGuVQUOGiRpWqmDuqNyml48kDMHM53GDs=; b=LN9sgYJPB5u33zRlKwH1nYILGDRi7GzzwPGK9fXAjHXjjX/M5W3st7eMuTF7QZQVoTwNlG87PFG5e2YBYhaUYWfQ8sOXItSV5W5g7k8KeJfwEswlNMNG/VS+Stv4PdPbnvmra17QQYqrvrPHZl5fFScdDV4RDVXBSZZmQiNyins= ARC-Authentication-Results: i=1; mx.zohomail.com; dkim=fail; spf=pass (zohomail.com: domain of lists.libvirt.org designates 8.43.85.245 as permitted sender) smtp.mailfrom=devel-bounces@lists.libvirt.org; dmarc=pass header.from= (p=reject dis=none) Return-Path: Received: from lists.libvirt.org (lists.libvirt.org [8.43.85.245]) by mx.zohomail.com with SMTPS id 1743424819827594.1971338421282; Mon, 31 Mar 2025 05:40:19 -0700 (PDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 4A7461364; Mon, 31 Mar 2025 08:40:19 -0400 (EDT) Received: from lists.libvirt.org (localhost [IPv6:::1]) by lists.libvirt.org (Postfix) with ESMTP id 62FE41235; Mon, 31 Mar 2025 08:37:57 -0400 (EDT) Received: by lists.libvirt.org (Postfix, from userid 996) id 48CFC11A8; Mon, 31 Mar 2025 08:37:48 -0400 (EDT) Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.129.124]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by lists.libvirt.org (Postfix) with ESMTPS id 8D32311AC for ; Mon, 31 Mar 2025 08:37:47 -0400 (EDT) Received: from mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (ec2-35-165-154-97.us-west-2.compute.amazonaws.com [35.165.154.97]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.3, cipher=TLS_AES_256_GCM_SHA384) id us-mta-495-xYHcCRWOMnOr7l27BYJzow-1; Mon, 31 Mar 2025 08:37:46 -0400 Received: from mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com [10.30.177.93]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by mx-prod-mc-08.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTPS id 10E4F1828B5F for ; Mon, 31 Mar 2025 12:37:39 +0000 (UTC) Received: from toolbx.redhat.com (unknown [10.42.28.36]) by mx-prod-int-06.mail-002.prod.us-west-2.aws.redhat.com (Postfix) with ESMTP id 34ECA180A803; Mon, 31 Mar 2025 12:37:38 +0000 (UTC) X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on lists.libvirt.org X-Spam-Level: X-Spam-Status: No, score=-0.8 required=5.0 tests=DKIM_INVALID,DKIM_SIGNED, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE,RCVD_IN_MSPIKE_H5, RCVD_IN_MSPIKE_WL,RCVD_IN_VALIDITY_RPBL_BLOCKED, RCVD_IN_VALIDITY_SAFE_BLOCKED,SPF_HELO_NONE autolearn=unavailable autolearn_force=no version=3.4.4 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1743424667; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=1OeJ98Yx8uyMo+kzOhN7+IzFn+CGGPICF0ruHyJb0qQ=; b=STr//aUSuPbsE3u9PcTnmX7uluQUVUE91jpwNLaxcqg1ugr1mOQu6m8lf+V7HXiLzeTBCj JvBZ1+QmwJJ6ej59tDsYcz7MGEqkWrdJZmkRdozDBvesVC6XkBiHTwN1PDA7XHVnfqh1HB 4EUYE/FjxiornvUU2MBoaKn40mk1p8E= X-MC-Unique: xYHcCRWOMnOr7l27BYJzow-1 X-Mimecast-MFC-AGG-ID: xYHcCRWOMnOr7l27BYJzow_1743424665 To: devel@lists.libvirt.org Cc: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= Subject: [PATCH v2 4/5] Revert "apparmor: Allow version-specific bits in profiles" Date: Mon, 31 Mar 2025 13:37:30 +0100 Message-ID: <20250331123731.1020743-5-berrange@redhat.com> In-Reply-To: <20250331123731.1020743-1-berrange@redhat.com> References: <20250331123731.1020743-1-berrange@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.4.1 on 10.30.177.93 X-Mimecast-Spam-Score: 0 X-Mimecast-MFC-PROC-ID: 0CIFUPTUPjwdkiVbPAnxEYnlcM25ZQpI6s70VYcwuT4_1743424665 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: quoted-printable Message-ID-Hash: ZNX4POJI5P2QBN2EWQO4F54XLWLYOU26 X-Message-ID-Hash: ZNX4POJI5P2QBN2EWQO4F54XLWLYOU26 X-MailFrom: berrange@redhat.com X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-config-1; header-match-config-2; header-match-config-3; header-match-devel.lists.libvirt.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; suspicious-header X-Mailman-Version: 3.2.2 Precedence: list List-Id: Development discussions about the libvirt library & tools Archived-At: List-Archive: List-Help: List-Post: List-Subscribe: List-Unsubscribe: From: =?utf-8?q?Daniel_P=2E_Berrang=C3=A9_via_Devel?= Reply-To: =?UTF-8?q?Daniel=20P=2E=20Berrang=C3=A9?= X-ZohoMail-DKIM: fail (Header signature does not verify) X-ZM-MESSAGEID: 1743424820393019000 Content-Type: text/plain; charset="utf-8" From: Daniel P. Berrang=C3=A9 This reverts commit 19eb8abc9a4d15190852d644b773a2348f11c9da. There is no longer any need to dynamically generate version specific rules. This revert can be reverted, if the need ever arises again in the future. Signed-off-by: Daniel P. Berrang=C3=A9 --- src/security/apparmor/meson.build | 34 +------------------------------ 1 file changed, 1 insertion(+), 33 deletions(-) diff --git a/src/security/apparmor/meson.build b/src/security/apparmor/meso= n.build index 356951c7f1..18968677df 100644 --- a/src/security/apparmor/meson.build +++ b/src/security/apparmor/meson.build @@ -14,41 +14,9 @@ apparmor_gen_profiles_conf =3D configuration_data({ =20 apparmor_dir =3D sysconfdir / 'apparmor.d' =20 -# Our profiles use some features that only work well on AppArmor 3.x, -# specifically the 'include if exists' directive. In order to keep -# supporting AppArmor 2.x, the bits that are version-specific are -# enclosed in special markers and we decide which ones to include -# based on the AppArmor version detected on the host. -# -# TODO: drop the additional complexity once we no longer target -# distros that ship AppArmor 2.x (Debian 11, Ubuntu 20.04) -if conf.has('WITH_APPARMOR_3') - apparmor_gen_cmd =3D [ - 'sed', - '-e', '/[@]BEGIN_APPARMOR_3[@]/d', - '-e', '/[@]END_APPARMOR_3[@]/d', - '-e', '/[@]BEGIN_APPARMOR_2[@]/,/[@]END_APPARMOR_2[@]/d', - '@INPUT@' - ] -else - apparmor_gen_cmd =3D [ - 'sed', - '-e', '/[@]BEGIN_APPARMOR_3[@]/,/[@]END_APPARMOR_3[@]/d', - '-e', '/[@]BEGIN_APPARMOR_2[@]/d', - '-e', '/[@]END_APPARMOR_2[@]/d', - '@INPUT@' - ] -endif - foreach name : apparmor_gen_profiles - tmp =3D configure_file( - input: '@0@.in'.format(name), - output: '@0@.tmp'.format(name), - command: apparmor_gen_cmd, - capture: true, - ) configure_file( - input: tmp, + input: '@0@.in'.format(name), output: name, configuration: apparmor_gen_profiles_conf, install: true, --=20 2.48.1