Re: [libvirt PATCH] apparmor: Enable passt support

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Mar 07, 2023 at 07:04:25PM +0000, Daniel P. Berrangé wrote:
> On Tue, Mar 07, 2023 at 08:02:37PM +0100, Andrea Bolognani wrote:
> > +  # support for passt network back-end
> > +  /usr/bin/passt Cx -> passt,
> > +
> > +  profile passt {
> > +    /usr/bin/passt r,
> > +
> > +    signal (receive) set=("term") peer=/usr/sbin/libvirtd,
> > +    signal (receive) set=("term") peer=libvirtd,
>
> What's the rationale for having both qualified & unqualified
> here, but not below ?

Cargo cult. That's what the top-level profile does, so I figured it
would be good enough for the subprofile too.

I've seen stuff like peer=(label=libvirtd) as well, but I haven't
investigated the various notations and how exactly they differ.

There's plenty of room for improvement in the AppArmor profile in
general, but that's a task for another day :)

-- 
Andrea Bolognani / Red Hat / Virtualization





[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]

  Powered by Linux