Re: [PATCH] virt-aa-helper: Drop unnecessary AppArmor rule

On Wed, Aug 21, 2019 at 09:45:01AM +0200, Andrea Bolognani wrote:
Apparently /proc/self is automatically converted to /proc/@{pid}
before checking rules, which makes spelling it out explicitly
redundant.


Because it is usually a symlink.

Reviewed-by: Martin Kletzander <mkletzan@xxxxxxxxxx>

Suggested-by: Jamie Strandboge <jamie@xxxxxxxxxxxxx>
Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx>
---
src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 1 -
1 file changed, 1 deletion(-)

diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
index 64772f0756..11e9c039ca 100644
--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
+++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -18,7 +18,6 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
  @{PROC}/filesystems r,

  # Used when internally running another command (namely apparmor_parser)
-  @{PROC}/self/fd/ r,
  @{PROC}/@{pid}/fd/ r,

  /etc/libnl-3/classid r,
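
Review bot: the comment "Used when internally running another command" now sits above only the `@{PROC}/@{pid}/fd/ r,` rule, and nothing in the visible context records why the /proc/self spelling is absent. Consider extending that comment to say that /proc/self is resolved to /proc/@{pid} before rules are checked, so a later reader does not re-add the dropped line. Since the commit message hedges with "Apparently", it would also help to state there how the redundancy was confirmed, for example that virt-aa-helper still runs apparmor_parser without denials once the rule is gone.
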
--
2.21.0

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
