[libvirt] [PATCH] virt-aa-helper: Drop unnecessary AppArmor rule
Martin Kletzander
mkletzan at redhat.com
Wed Aug 21 13:10:47 UTC 2019
On Wed, Aug 21, 2019 at 09:45:01AM +0200, Andrea Bolognani wrote:
>Apparently /proc/self is automatically converted to /proc/@{pid}
>before checking rules, which makes spelling it out explicitly
>redundant.
>
Because it is usually a symlink.
Reviewed-by: Martin Kletzander <mkletzan at redhat.com>
>Suggested-by: Jamie Strandboge <jamie at canonical.com>
>Signed-off-by: Andrea Bolognani <abologna at redhat.com>
>---
> src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 1 -
> 1 file changed, 1 deletion(-)
>
>diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
>index 64772f0756..11e9c039ca 100644
>--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
>+++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
>@@ -18,7 +18,6 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
> @{PROC}/filesystems r,
>
> # Used when internally running another command (namely apparmor_parser)
>- @{PROC}/self/fd/ r,
> @{PROC}/@{pid}/fd/ r,
>
> /etc/libnl-3/classid r,
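Review bot: the comment above the remaining `@{PROC}/@{pid}/fd/ r,` rule does not record that this rule is now also the one covering access made through /proc/self/fd/, so a later reader could re-add the removed line as a perceived fix. Consider extending that comment, for example "# /proc/self/fd/ is matched through its resolved /proc/@{pid}/fd/ path". The commit message's "Apparently" could also be replaced with a pointer to the AppArmor behaviour, or a note that virt-aa-helper still runs apparmor_parser without new denials after the change.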
>--
>2.21.0
>