<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jan 30, 2020 at 8:06 AM Michal Privoznik <<a href="mailto:mprivozn@redhat.com">mprivozn@redhat.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">The profile name should reflect the path under which the binary<br>
it describes is installed.<br>
<br>
Signed-off-by: Michal Privoznik <<a href="mailto:mprivozn@redhat.com" target="_blank">mprivozn@redhat.com</a>><br>
---<br>
 src/security/<a href="http://Makefile.inc.am" rel="noreferrer" target="_blank">Makefile.inc.am</a>                           | 10 +++++-----<br>
 ...bvirt.virt-aa-helper => usr.libexec.virt-aa-helper} |  4 ++--<br>
 2 files changed, 7 insertions(+), 7 deletions(-)<br>
 rename src/security/apparmor/{usr.lib.libvirt.virt-aa-helper => usr.libexec.virt-aa-helper} (93%)<br>
<br>
diff --git a/src/security/<a href="http://Makefile.inc.am" rel="noreferrer" target="_blank">Makefile.inc.am</a> b/src/security/<a href="http://Makefile.inc.am" rel="noreferrer" target="_blank">Makefile.inc.am</a><br>
index 6fe9d50f29..02efefd6d6 100644<br>
--- a/src/security/<a href="http://Makefile.inc.am" rel="noreferrer" target="_blank">Makefile.inc.am</a><br>
+++ b/src/security/<a href="http://Makefile.inc.am" rel="noreferrer" target="_blank">Makefile.inc.am</a><br>
@@ -38,7 +38,7 @@ EXTRA_DIST += \<br>
        security/apparmor/TEMPLATE.lxc \<br>
        security/apparmor/libvirt-qemu \<br>
        security/apparmor/libvirt-lxc \<br>
-       security/apparmor/usr.lib.libvirt.virt-aa-helper \<br>
+       security/apparmor/usr.libexec.virt-aa-helper \<br></blockquote><div><br></div><div>Again - probably better to make it dependent on --libexecdir configure option.</div><div>The old path matches the real Ubuntu path, so "for me" that would be a regression making me carry a revert.</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
        security/apparmor/usr.sbin.libvirtd \<br>
        $(NULL)<br>
<br>
@@ -91,7 +91,7 @@ endif WITH_SECDRIVER_APPARMOR<br>
 if WITH_APPARMOR_PROFILES<br>
 apparmordir = $(sysconfdir)/apparmor.d/<br>
 apparmor_DATA = \<br>
-       security/apparmor/usr.lib.libvirt.virt-aa-helper \<br>
+       security/apparmor/usr.libexec.virt-aa-helper \<br>
        security/apparmor/usr.sbin.libvirtd \<br>
        $(NULL)<br>
<br>
@@ -111,11 +111,11 @@ APPARMOR_LOCAL_DIR = "$(DESTDIR)$(apparmordir)/local"<br>
 install-apparmor-local:<br>
        $(MKDIR_P) "$(APPARMOR_LOCAL_DIR)"<br>
        echo "# Site-specific additions and overrides for \<br>
-               'usr.lib.libvirt.virt-aa-helper'" \<br>
-               >"$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper"<br>
+               'usr.libexec.virt-aa-helper'" \<br>
+               >"$(APPARMOR_LOCAL_DIR)/usr.libexec.virt-aa-helper"<br>
<br>
 uninstall-apparmor-local:<br>
-       rm -f "$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper"<br>
+       rm -f "$(APPARMOR_LOCAL_DIR)/usr.libexec.virt-aa-helper"<br>
        rmdir "$(APPARMOR_LOCAL_DIR)" || :<br>
<br>
 INSTALL_DATA_LOCAL += install-apparmor-local<br>
diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.libexec.virt-aa-helper<br>
similarity index 93%<br>
rename from src/security/apparmor/usr.lib.libvirt.virt-aa-helper<br>
rename to src/security/apparmor/usr.libexec.virt-aa-helper<br>
index ca1f6ca083..72a2fecebe 100644<br>
--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper<br>
+++ b/src/security/apparmor/usr.libexec.virt-aa-helper<br>
@@ -1,7 +1,7 @@<br>
 # Last Modified: Mon Apr  5 15:10:27 2010<br>
 #include <tunables/global><br>
<br>
-profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {<br>
+profile virt-aa-helper /usr/{lib,lib64,libexec}/libvirt/virt-aa-helper {<br>
   #include <abstractions/base><br>
<br>
   # needed for searching directories<br>
@@ -70,5 +70,5 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {<br>
   /**.[iI][sS][oO] r,<br>
   /**/disk{,.*} r,<br>
<br>
-  #include <local/usr.lib.libvirt.virt-aa-helper><br>
+  #include <local/usr.libexec.virt-aa-helper><br>
 }<br>
-- <br>
2.24.1<br>
<br>
</blockquote></div><br clear="all"><div><br></div>-- <br><div dir="ltr" class="gmail_signature">Christian Ehrhardt<br>Staff Engineer, Ubuntu Server<br>Canonical Ltd</div></div>