Re: [PATCH 1/2] Teach AppArmor, that /usr/lib64 may exist.

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, 2015-01-04 at 10:00 -0600, Jamie Strandboge wrote:
> On 12/30/2014 04:33 AM, Cédric Bosdonnat wrote:
> > The apparmor profiles forgot about /usr/lib64 folders, just add lib64
> > as a possible alternative to lib in the paths
> 
> These changes all look good to me. +1

Pushed, then.
Thanks for the review.

> > ---
> >  examples/apparmor/libvirt-qemu                   | 2 +-
> >  examples/apparmor/usr.lib.libvirt.virt-aa-helper | 4 ++--
> >  examples/apparmor/usr.sbin.libvirtd              | 4 ++--
> >  3 files changed, 5 insertions(+), 5 deletions(-)
> > 
> > diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
> > index c6de6dd..7aad391 100644
> > --- a/examples/apparmor/libvirt-qemu
> > +++ b/examples/apparmor/libvirt-qemu
> > @@ -111,7 +111,7 @@
> >    /usr/bin/qemu-sparc32plus rmix,
> >    /usr/bin/qemu-sparc64 rmix,
> >    /usr/bin/qemu-x86_64 rmix,
> > -  /usr/lib/qemu/block-curl.so mr,
> > +  /usr/{lib,lib64}/qemu/block-curl.so mr,
> >  
> >    # for save and resume
> >    /bin/dash rmix,
> > diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> > index bceaaff..b34fb35 100644
> > --- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> > +++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
> > @@ -1,7 +1,7 @@
> >  # Last Modified: Mon Apr  5 15:10:27 2010
> >  #include <tunables/global>
> >  
> > -/usr/lib/libvirt/virt-aa-helper {
> > +profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
> >    #include <abstractions/base>
> >  
> >    # needed for searching directories
> > @@ -20,7 +20,7 @@
> >    /sys/devices/ r,
> >    /sys/devices/** r,
> >  
> > -  /usr/lib/libvirt/virt-aa-helper mr,
> > +  /usr/{lib,lib64}/libvirt/virt-aa-helper mr,
> >    /sbin/apparmor_parser Ux,
> >  
> >    /etc/apparmor.d/libvirt/* r,
> > diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
> > index 3011eff..7151052 100644
> > --- a/examples/apparmor/usr.sbin.libvirtd
> > +++ b/examples/apparmor/usr.sbin.libvirtd
> > @@ -44,7 +44,7 @@
> >    /usr/bin/* PUx,
> >    /usr/sbin/* PUx,
> >    /lib/udev/scsi_id PUx,
> > -  /usr/lib/xen-common/bin/xen-toolstack PUx,
> > +  /usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
> >  
> >    # force the use of virt-aa-helper
> >    audit deny /sbin/apparmor_parser rwxl,
> > @@ -53,7 +53,7 @@
> >    audit deny /sys/kernel/security/apparmor/matching rwxl,
> >    audit deny /sys/kernel/security/apparmor/.* rwxl,
> >    /sys/kernel/security/apparmor/profiles r,
> > -  /usr/lib/libvirt/* PUxr,
> > +  /usr/{lib,lib64}/libvirt/* PUxr,
> >    /etc/libvirt/hooks/** rmix,
> >    /etc/xen/scripts/** rmix,
> >  
> > 
> 
> 
> --
> libvir-list mailing list
> libvir-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libvir-list


--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]