[PATCH] apparmor: Allow /usr/libexec for libxl-save-helper and pygrub

Christian Ehrhardt christian.ehrhardt at canonical.com
Thu Sep 24 06:45:23 UTC 2020


On Wed, Sep 23, 2020 at 6:45 PM Jim Fehlig <jfehlig at suse.com> wrote:
>
> On 9/23/20 7:51 AM, Jim Fehlig wrote:
> > On 9/23/20 7:26 AM, Christian Ehrhardt wrote:
> >> On Wed, Sep 23, 2020 at 12:35 AM Jim Fehlig <jfehlig at suse.com> wrote:
> >>>
> >>> Like other distros, openSUSE Tumbleweed recently changed libexecdir from
> >>> /usr/lib to /usr/libexec. Add it as an allowed path for libxl-save-helper
> >>> and pygrub.
> >>
> >> Hi Jim,
> >> ack to the intention, but I think since this should use @libexecdir@ I think.
> >> Or did anything change that this doesn't apply anymore ... in that
> >> case I beg your pardon.
> >>
> >> [1]:
> >> https://libvirt.org/git/?p=libvirt.git;a=commit;h=5c8bd31c881e99261ac098e867a79b300440731a
> >>
> >
> > Heh, I see that skipped over the xen stuff :-). I'll send a V2 later.
>
> Thinking about it more, perhaps it is best to go with this V1 patch since these
> are not files provided by libvirt but xen, where conceivably libvirt and xen
> could be built with different libexecdir? IMO it would be best to explicitly
> list the known paths distros have used for libxl-save-helper and pygrub.

You are right, and in >99% of the cases it will be one of the two
paths you have in your rule anyway.
Sorry for the detour Jim

Reviewed-by: Christian Ehrhardt <christian.ehrhardt at canonical.com>


> Regards,
> Jim
>


-- 
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd




More information about the libvir-list mailing list