[libvirt PATCH 0/8] apparmor: Improve overrides, fix 2.x compatibility
Jim Fehlig
jfehlig at suse.com
Thu Jun 29 20:05:18 UTC 2023
On 6/29/23 07:14, Andrea Bolognani wrote:
> An alternative to Jim's attempt[1]. See [2] for the discussion
> leading up to these changes.
>
> [1] https://listman.redhat.com/archives/libvir-list/2023-June/240531.html
> [2] https://listman.redhat.com/archives/libvir-list/2023-June/240251.html
>
> Andrea Bolognani (8):
> meson: Detect AppArmor 3.x
> apparmor: Allow version-specific bits in profiles
> apparmor: Allow version-specific bits in abstractions too
> apparmor: Only support passt on 3.x
> apparmor: Make abstractions extensible
> apparmor: Improve virt-aa-helper include
> apparmor: Make all profiles extensible
> NEWS: Mention overrides for AppArmor profiles and abstractions
>
> NEWS.rst | 8 +++
> meson.build | 3 +
> .../apparmor/{libvirt-lxc => libvirt-lxc.in} | 4 ++
> .../{libvirt-qemu => libvirt-qemu.in} | 6 ++
> src/security/apparmor/meson.build | 68 ++++++++++++++++---
> .../usr.lib.libvirt.virt-aa-helper.in | 5 ++
> src/security/apparmor/usr.sbin.libvirtd.in | 4 ++
> src/security/apparmor/usr.sbin.virtqemud.in | 4 ++
> src/security/apparmor/usr.sbin.virtxend.in | 4 ++
> 9 files changed, 96 insertions(+), 10 deletions(-)
> rename src/security/apparmor/{libvirt-lxc => libvirt-lxc.in} (98%)
> rename src/security/apparmor/{libvirt-qemu => libvirt-qemu.in} (98%)
>
Nice work! Much better than the profile duplication, although I still think
zapping 2.x support is easier with my hack :-P.
Reviewed-by: Jim Fehlig <jfehlig at suse.com>
Regards,
Jim
More information about the libvir-list
mailing list