Rules generated for a path like '/' were having '//' which isn't correct for apparmor. Make virt-aa-helper smarter to avoid these. --- src/security/virt-aa-helper.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c index 13f8a6a..9e18343 100644 --- a/src/security/virt-aa-helper.c +++ b/src/security/virt-aa-helper.c @@ -795,6 +795,9 @@ vah_add_path(virBufferPtr buf, const char *path, const char *perms, bool recursi goto cleanup; } + if (tmp[strlen(tmp) - 1] == '/') + tmp[strlen(tmp) - 1] = '\0'; + virBufferAsprintf(buf, " \"%s%s\" %s,\n", tmp, recursive ? "/**" : "", perms); if (readonly) { virBufferAddLit(buf, " # don't audit writes to readonly files\n"); -- 2.1.4 -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list