[libvirt] [PATCH] virt-aa-helper: Actually fix AppArmor profile
Andrea Bolognani
abologna at redhat.com
Wed Aug 21 07:21:30 UTC 2019
On Tue, 2019-08-20 at 12:09 -0500, Jamie Strandboge wrote:
> On Tue, 20 Aug 2019, Andrea Bolognani wrote:
> > # Used when internally running another command (namely apparmor_parser)
> > + @{PROC}/self/fd/ r,
>
> /proc/self is a 'magic symlink' and apparmor will resolve symlinks
> before performing checks. As such, @{PROC}/self/fd/ is redundant with
> the next rule.
>
> > + @{PROC}/@{pid}/fd/ r,
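Review bot: on the `@{PROC}/@{pid}/fd/ r,` line, `@{pid}` matches any process ID, so as far as the profile is concerned the rule allows listing the fd directory of every process, not only the helper's own. The only comment above it is "Used when internally running another command (namely apparmor_parser)", so please say there that just the helper's own fd directory is expected to be read. The trailing slash with `r` already limits the access to the directory listing itself, which is worth stating in the same comment.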
>
> This access LGTM. +1 to apply.
Well, it's already been merged:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=9c2446ed4a81450f6482f259f9a0cf720cb0e423
I'll post a patch removing the unnecessary rule.
--
Andrea Bolognani / Red Hat / Virtualization