When generating paths for a domain specific AppArmor profile each
path undergoes a validation where it's matched against an array
of well known prefixes (among other things). Now, for
OVMF/AAVMF/... images we have a list and some entries have
comments to which type of image the entry belongs to. For
instance:
"/usr/share/OVMF/", /* for OVMF images */
"/usr/share/AAVMF/", /* for AAVMF images */
But these comments are pretty useless. The path itself already
gives away the image type. Drop them.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/security/virt-aa-helper.c | 14 +++++++-------
1 file changed, 7 insertions(+), 7 deletions(-)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index a3f85d26b0..c1e89dc6cf 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -475,15 +475,15 @@ valid_path(const char *path, const bool readonly)
"/initrd",
"/initrd.img",
"/usr/share/edk2/",
- "/usr/share/edk2-ovmf/", /* for OVMF images */
- "/usr/share/OVMF/", /* for OVMF images */
- "/usr/share/ovmf/", /* for OVMF images */
- "/usr/share/AAVMF/", /* for AAVMF images */
+ "/usr/share/edk2-ovmf/",
+ "/usr/share/OVMF/",
+ "/usr/share/ovmf/",
+ "/usr/share/AAVMF/",
"/usr/share/qemu-efi/", /* for AAVMF images */
- "/usr/share/qemu-efi-aarch64/", /* for AAVMF images */
+ "/usr/share/qemu-efi-aarch64/",
"/usr/share/qemu/", /* SUSE path for OVMF and AAVMF images */
- "/usr/lib/u-boot/", /* u-boot loaders for qemu */
- "/usr/lib/riscv64-linux-gnu/opensbi" /* RISC-V SBI implementation */
+ "/usr/lib/u-boot/",
+ "/usr/lib/riscv64-linux-gnu/opensbi",
};
/* override the above with these */
const char * const override[] = {
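Review bot: the entry "/usr/share/qemu-efi/" keeps its /* for AAVMF images */ comment while the identical comment is removed from "/usr/share/AAVMF/" and "/usr/share/qemu-efi-aarch64/" on either side of it. If the rationale is that the path already gives away the image type, either drop it here too or note in the commit message why this one stays; the path itself names neither AAVMF nor aarch64, which may be the reason. The SUSE comment on "/usr/share/qemu/" carries information the path does not, so keeping that one is consistent with the stated intent.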
--
2.44.2
On 7/9/24 04:04, Michal Privoznik wrote: > When generating paths for a domain specific AppArmor profile each > path undergoes a validation where it's matched against an array > of well known prefixes (among other things). Now, for > OVMF/AAVMF/... images we have a list and some entries have > comments to which type of image the entry belongs to. For > instance: > > "/usr/share/OVMF/", /* for OVMF images */ > "/usr/share/AAVMF/", /* for AAVMF images */ > > But these comments are pretty useless. The path itself already > gives away the image type. Drop them. > > Signed-off-by: Michal Privoznik <mprivozn@redhat.com> Reviewed-by: Jim Fehlig <jfehlig@suse.com> > --- > src/security/virt-aa-helper.c | 14 +++++++------- > 1 file changed, 7 insertions(+), 7 deletions(-) > > diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c > index a3f85d26b0..c1e89dc6cf 100644 > --- a/src/security/virt-aa-helper.c > +++ b/src/security/virt-aa-helper.c > @@ -475,15 +475,15 @@ valid_path(const char *path, const bool readonly) > "/initrd", > "/initrd.img", > "/usr/share/edk2/", > - "/usr/share/edk2-ovmf/", /* for OVMF images */ Short lived comment :-). Jim > - "/usr/share/OVMF/", /* for OVMF images */ > - "/usr/share/ovmf/", /* for OVMF images */ > - "/usr/share/AAVMF/", /* for AAVMF images */ > + "/usr/share/edk2-ovmf/", > + "/usr/share/OVMF/", > + "/usr/share/ovmf/", > + "/usr/share/AAVMF/", > "/usr/share/qemu-efi/", /* for AAVMF images */ > - "/usr/share/qemu-efi-aarch64/", /* for AAVMF images */ > + "/usr/share/qemu-efi-aarch64/", > "/usr/share/qemu/", /* SUSE path for OVMF and AAVMF images */ > - "/usr/lib/u-boot/", /* u-boot loaders for qemu */ > - "/usr/lib/riscv64-linux-gnu/opensbi" /* RISC-V SBI implementation */ > + "/usr/lib/u-boot/", > + "/usr/lib/riscv64-linux-gnu/opensbi", > }; > /* override the above with these */ > const char * const override[] = {
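Review bot: in the last entry of the list, "/usr/lib/riscv64-linux-gnu/opensbi" has no trailing slash, unlike the other /usr entries shown. Since the commit message describes these strings as prefixes that paths are matched against, this entry would also accept sibling paths that merely begin with that string. While the line is being touched to add the trailing comma, consider ending it in "/" like its neighbours, or keeping a short comment stating that the missing slash is intentional.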