[PATCH V2 2/3] apparmor: Remove support for passt from apparmor 2.x
Jim Fehlig
jfehlig at suse.com
Wed Jun 28 23:15:28 UTC 2023
Commit 7a39b04d683f introduced support for passt in the qemu apparmor
abstraction, but it contains an 'include if exists' directive that is
only stable on apparmor 3.x. Remove support for passt from the 2.x
variant of the abstraction.
Signed-off-by: Jim Fehlig <jfehlig at suse.com>
---
src/security/apparmor-2/libvirt-qemu | 15 ---------------
1 file changed, 15 deletions(-)
diff --git a/src/security/apparmor-2/libvirt-qemu b/src/security/apparmor-2/libvirt-qemu
index 44056b5f14..9af1333b22 100644
--- a/src/security/apparmor-2/libvirt-qemu
+++ b/src/security/apparmor-2/libvirt-qemu
@@ -185,21 +185,6 @@
/usr/{lib,lib64}/libswtpm_libtpms.so mr,
/usr/lib/@{multiarch}/libswtpm_libtpms.so mr,
- # support for passt network back-end
- /usr/bin/passt Cx -> passt,
-
- profile passt {
- /usr/bin/passt r,
-
- signal (receive) set=("term") peer=/usr/sbin/libvirtd,
- signal (receive) set=("term") peer=libvirtd,
- signal (receive) set=("term") peer=virtqemud,
-
- owner /{,var/}run/libvirt/qemu/passt/* rw,
-
- include if exists <abstractions/passt>
- }
-
# for save and resume
/{usr/,}bin/dash rmix,
/{usr/,}bin/dd rmix,
--
2.41.0
More information about the libvir-list
mailing list