[PATCH 4/6] apparmor: Rename virt-aa-helper profile

Jamie Strandboge jamie at canonical.com
Mon Jan 27 16:36:35 UTC 2020 

On Sat, 25 Jan 2020, Michal Privoznik wrote:

> The profile name should reflect the path under which the binary
> it describes is installed.
> 
> Signed-off-by: Michal Privoznik <mprivozn at redhat.com>
> ---
>  src/security/Makefile.inc.am                           | 10 +++++-----
>  ...bvirt.virt-aa-helper => usr.libexec.virt-aa-helper} |  4 ++--
>  2 files changed, 7 insertions(+), 7 deletions(-)
>  rename src/security/apparmor/{usr.lib.libvirt.virt-aa-helper => usr.libexec.virt-aa-helper} (93%)
> 
> diff --git a/src/security/Makefile.inc.am b/src/security/Makefile.inc.am
> index 6fe9d50f29..02efefd6d6 100644
> --- a/src/security/Makefile.inc.am
> +++ b/src/security/Makefile.inc.am
> @@ -38,7 +38,7 @@ EXTRA_DIST += \
>  	security/apparmor/TEMPLATE.lxc \
>  	security/apparmor/libvirt-qemu \
>  	security/apparmor/libvirt-lxc \
> -	security/apparmor/usr.lib.libvirt.virt-aa-helper \
> +	security/apparmor/usr.libexec.virt-aa-helper \
>  	security/apparmor/usr.sbin.libvirtd \
>  	$(NULL)
>  
> @@ -91,7 +91,7 @@ endif WITH_SECDRIVER_APPARMOR
>  if WITH_APPARMOR_PROFILES
>  apparmordir = $(sysconfdir)/apparmor.d/
>  apparmor_DATA = \
> -	security/apparmor/usr.lib.libvirt.virt-aa-helper \
> +	security/apparmor/usr.libexec.virt-aa-helper \
>  	security/apparmor/usr.sbin.libvirtd \
>  	$(NULL)
>  
> @@ -111,11 +111,11 @@ APPARMOR_LOCAL_DIR = "$(DESTDIR)$(apparmordir)/local"
>  install-apparmor-local:
>  	$(MKDIR_P) "$(APPARMOR_LOCAL_DIR)"
>  	echo "# Site-specific additions and overrides for \
> -		'usr.lib.libvirt.virt-aa-helper'" \
> -		>"$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper"
> +		'usr.libexec.virt-aa-helper'" \
> +		>"$(APPARMOR_LOCAL_DIR)/usr.libexec.virt-aa-helper"
>  
>  uninstall-apparmor-local:
> -	rm -f "$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper"
> +	rm -f "$(APPARMOR_LOCAL_DIR)/usr.libexec.virt-aa-helper"
>  	rmdir "$(APPARMOR_LOCAL_DIR)" || :
>  
>  INSTALL_DATA_LOCAL += install-apparmor-local
> diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.libexec.virt-aa-helper
> similarity index 93%
> rename from src/security/apparmor/usr.lib.libvirt.virt-aa-helper
> rename to src/security/apparmor/usr.libexec.virt-aa-helper
> index 504c70e0ce..25754037e1 100644
> --- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
> +++ b/src/security/apparmor/usr.libexec.virt-aa-helper
> @@ -1,7 +1,7 @@
>  # Last Modified: Mon Apr  5 15:10:27 2010
>  #include <tunables/global>
>  
> -profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
> +profile virt-aa-helper /usr/libexec/virt-aa-helper {

I suggest using this for the previous reasons:

profile virt-aa-helper /usr/{lib,lib64,libexec}/libvirt/virt-aa-helper {

The filename rename is fine though (the filename doesn't have to match
the profile name or binary attachment, so picking what we expect to be
the normal use case is fine).

>    #include <abstractions/base>
>  
>    # needed for searching directories
> @@ -70,5 +70,5 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
>    /**.[iI][sS][oO] r,
>    /**/disk{,.*} r,
>  
> -  #include <local/usr.lib.libvirt.virt-aa-helper>
> +  #include <local/usr.libexec.virt-aa-helper>
>  }
> -- 
> 2.24.1
> 
-- 
Jamie Strandboge             | http://www.canonical.com

More information about the libvir-list mailing list