The profile name should reflect the path under which the binary
it describes is installed.
Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
src/security/Makefile.inc.am | 10 +++++-----
...bvirt.virt-aa-helper => usr.libexec.virt-aa-helper} | 4 ++--
2 files changed, 7 insertions(+), 7 deletions(-)
rename src/security/apparmor/{usr.lib.libvirt.virt-aa-helper => usr.libexec.virt-aa-helper} (93%)
diff --git a/src/security/Makefile.inc.am b/src/security/Makefile.inc.am
index 6fe9d50f29..02efefd6d6 100644
--- a/src/security/Makefile.inc.am
+++ b/src/security/Makefile.inc.am
@@ -38,7 +38,7 @@ EXTRA_DIST += \
security/apparmor/TEMPLATE.lxc \
security/apparmor/libvirt-qemu \
security/apparmor/libvirt-lxc \
- security/apparmor/usr.lib.libvirt.virt-aa-helper \
+ security/apparmor/usr.libexec.virt-aa-helper \
security/apparmor/usr.sbin.libvirtd \
$(NULL)
@@ -91,7 +91,7 @@ endif WITH_SECDRIVER_APPARMOR
if WITH_APPARMOR_PROFILES
apparmordir = $(sysconfdir)/apparmor.d/
apparmor_DATA = \
- security/apparmor/usr.lib.libvirt.virt-aa-helper \
+ security/apparmor/usr.libexec.virt-aa-helper \
security/apparmor/usr.sbin.libvirtd \
$(NULL)
@@ -111,11 +111,11 @@ APPARMOR_LOCAL_DIR = "$(DESTDIR)$(apparmordir)/local"
install-apparmor-local:
$(MKDIR_P) "$(APPARMOR_LOCAL_DIR)"
echo "# Site-specific additions and overrides for \
- 'usr.lib.libvirt.virt-aa-helper'" \
- >"$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper"
+ 'usr.libexec.virt-aa-helper'" \
+ >"$(APPARMOR_LOCAL_DIR)/usr.libexec.virt-aa-helper"
uninstall-apparmor-local:
- rm -f "$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper"
+ rm -f "$(APPARMOR_LOCAL_DIR)/usr.libexec.virt-aa-helper"
rmdir "$(APPARMOR_LOCAL_DIR)" || :
INSTALL_DATA_LOCAL += install-apparmor-local
diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.libexec.virt-aa-helper
similarity index 93%
rename from src/security/apparmor/usr.lib.libvirt.virt-aa-helper
rename to src/security/apparmor/usr.libexec.virt-aa-helper
index ca1f6ca083..72a2fecebe 100644
--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
+++ b/src/security/apparmor/usr.libexec.virt-aa-helper
@@ -1,7 +1,7 @@
# Last Modified: Mon Apr 5 15:10:27 2010
#include <tunables/global>
-profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
+profile virt-aa-helper /usr/{lib,lib64,libexec}/libvirt/virt-aa-helper {
#include <abstractions/base>
# needed for searching directories
@@ -70,5 +70,5 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
/**.[iI][sS][oO] r,
/**/disk{,.*} r,
- #include <local/usr.lib.libvirt.virt-aa-helper>
+ #include <local/usr.libexec.virt-aa-helper>
}
--
2.24.1
On Thu, Jan 30, 2020 at 8:06 AM Michal Privoznik <mprivozn@redhat.com>
wrote:
> The profile name should reflect the path under which the binary
> it describes is installed.
>
> Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
> ---
> src/security/Makefile.inc.am | 10 +++++-----
> ...bvirt.virt-aa-helper => usr.libexec.virt-aa-helper} | 4 ++--
> 2 files changed, 7 insertions(+), 7 deletions(-)
> rename src/security/apparmor/{usr.lib.libvirt.virt-aa-helper =>
> usr.libexec.virt-aa-helper} (93%)
>
> diff --git a/src/security/Makefile.inc.am b/src/security/Makefile.inc.am
> index 6fe9d50f29..02efefd6d6 100644
> --- a/src/security/Makefile.inc.am
> +++ b/src/security/Makefile.inc.am
> @@ -38,7 +38,7 @@ EXTRA_DIST += \
> security/apparmor/TEMPLATE.lxc \
> security/apparmor/libvirt-qemu \
> security/apparmor/libvirt-lxc \
> - security/apparmor/usr.lib.libvirt.virt-aa-helper \
> + security/apparmor/usr.libexec.virt-aa-helper \
>
Again - probably better to make it dependent on --libexecdir configure
option.
The old path matches the real Ubuntu path, so "for me" that would be a
regression making me carry a revert.
> security/apparmor/usr.sbin.libvirtd \
> $(NULL)
>
> @@ -91,7 +91,7 @@ endif WITH_SECDRIVER_APPARMOR
> if WITH_APPARMOR_PROFILES
> apparmordir = $(sysconfdir)/apparmor.d/
> apparmor_DATA = \
> - security/apparmor/usr.lib.libvirt.virt-aa-helper \
> + security/apparmor/usr.libexec.virt-aa-helper \
> security/apparmor/usr.sbin.libvirtd \
> $(NULL)
>
> @@ -111,11 +111,11 @@ APPARMOR_LOCAL_DIR = "$(DESTDIR)$(apparmordir)/local"
> install-apparmor-local:
> $(MKDIR_P) "$(APPARMOR_LOCAL_DIR)"
> echo "# Site-specific additions and overrides for \
> - 'usr.lib.libvirt.virt-aa-helper'" \
> - >"$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper"
> + 'usr.libexec.virt-aa-helper'" \
> + >"$(APPARMOR_LOCAL_DIR)/usr.libexec.virt-aa-helper"
>
> uninstall-apparmor-local:
> - rm -f "$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper"
> + rm -f "$(APPARMOR_LOCAL_DIR)/usr.libexec.virt-aa-helper"
> rmdir "$(APPARMOR_LOCAL_DIR)" || :
>
> INSTALL_DATA_LOCAL += install-apparmor-local
> diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
> b/src/security/apparmor/usr.libexec.virt-aa-helper
> similarity index 93%
> rename from src/security/apparmor/usr.lib.libvirt.virt-aa-helper
> rename to src/security/apparmor/usr.libexec.virt-aa-helper
> index ca1f6ca083..72a2fecebe 100644
> --- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
> +++ b/src/security/apparmor/usr.libexec.virt-aa-helper
> @@ -1,7 +1,7 @@
> # Last Modified: Mon Apr 5 15:10:27 2010
> #include <tunables/global>
>
> -profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
> +profile virt-aa-helper /usr/{lib,lib64,libexec}/libvirt/virt-aa-helper {
> #include <abstractions/base>
>
> # needed for searching directories
> @@ -70,5 +70,5 @@ profile virt-aa-helper
> /usr/{lib,lib64}/libvirt/virt-aa-helper {
> /**.[iI][sS][oO] r,
> /**/disk{,.*} r,
>
> - #include <local/usr.lib.libvirt.virt-aa-helper>
> + #include <local/usr.libexec.virt-aa-helper>
> }
> --
> 2.24.1
>
>
--
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd
© 2016 - 2026 Red Hat, Inc.