Re: [PATCH] apparmor: Add support for local profile customizations


 



On 6/8/23 08:11, Andrea Bolognani wrote:
> On Tue, Jun 06, 2023 at 04:06:12PM -0600, Jim Fehlig wrote:
> > Apparmor profiles in /etc/apparmor.d/ are config files that can and should
> > be replaced on package upgrade, which introduces the potential to overwrite
> > any local changes. Apparmor supports local profile customizations via
> > /etc/apparmor.d/local/<service> [1].
> >
> > This change makes the support explicit by adding libvirtd, virtqemud, and
> > virtxend profile customization stubs to /etc/apparmor.d/local/. The stubs
> > are conditionally included by the corresponding main profiles.
> >
> > [1] https://ubuntu.com/server/docs/security-apparmor
> > See "Profile customization" section
> >
> > Signed-off-by: Jim Fehlig <jfehlig@xxxxxxxx>
> > ---
> >
> > This patch was inspired by an internal bug report. The SUSE libvirt package
> > has marked /etc/apparmor.d/<some-libvirt-service> profiles as
> > 'config(noreplace)' for as long as I can remember. On rare occasions a
> > profile receives a change that is required to avoid regression. And on rarer
> > occasions a user might have made local customizations to the profile. With
> > 'noreplace', the trap is set for the user to experience the regression.
> >
> > Unless other apparmor users convince me otherwise, I'm planning to make
> > this change in the SUSE package, along with changing the main
> > /etc/apparmor.d/ profiles to 'config' and using 'config(noreplace)' for the
> > local customizations only.
> >
> > Note: I'm fine keeping this as a downstream-only patch if upstream isn't
> > interested in the clutter.
>
> I think this is a good change.
>
> Note that the Debian package has included this patch[1] for many
> years, and while it partially overlaps with what you've added here, I
> see that local overrides for abstractions are missing.
>
> Is there a specific reason why you skipped them? Or should we add
> those too?

I assumed users would make VM customizations in the per-VM profiles. And I suppose overrides of abstractions seem a little odd to me, but that's subjective :-). I'm fine adding it if there's agreement.

Regards,
Jim
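
The main-profile plus local-stub layout the commit message describes, as an added example that is not part of the patch, of libvirt or of AppArmor. The script builds the layout under a scratch directory, resolves "include" and "include if exists" lines the way apparmor_parser treats them (an unconditional include of a missing file is an error, a conditional one is skipped), and replays the scenario from the bug report: a user appends a rule to the local stub, the package is "upgraded" and rewrites the main profile, and the rule is still in the effective policy. The profile paths, the abstraction, the sample rules and the upgrade simulation are assumptions made for illustration; the packaging split Jim describes ('config' for the shipped profile, 'config(noreplace)' for the stub) is the reason the stub is only written when absent.

```shell
#!/bin/sh
# Added example, not code from the libvirt patch or from AppArmor itself.
# Paths, rules and the "upgrade" are assumptions chosen for illustration.
set -eu

# Shipped files: owned by the package and rewritten on every upgrade
# (rpm %config). The local stub is written only once (%config(noreplace)).
install_package_files() {   # $1 = scratch stand-in for /etc/apparmor.d
    mkdir -p "$1/abstractions" "$1/local"
    cat > "$1/abstractions/libvirt-demo" <<'EOF'
  /etc/libvirt/libvirtd.conf r,
EOF
    cat > "$1/usr.sbin.libvirtd" <<'EOF'
profile libvirtd /usr/sbin/libvirtd {
  include <abstractions/libvirt-demo>
  /usr/sbin/libvirtd mr,
  # Site-specific additions live in local/; the file is optional.
  include if exists <local/usr.sbin.libvirtd>
}
EOF
    [ -e "$1/local/usr.sbin.libvirtd" ] ||
        printf '# Site-specific additions for usr.sbin.libvirtd.\n' \
            > "$1/local/usr.sbin.libvirtd"
}

# Print the effective policy with includes expanded. A plain "include" of a
# missing file fails, which is exactly why the local stub uses "if exists":
# the stub may legitimately be absent.
resolve_profile() {   # $1 = root, $2 = profile path relative to root
    while IFS= read -r line; do
        case "$line" in
            *"include if exists <"*">"*)
                inc=${line#*<}; inc=${inc%%>*}
                if [ -f "$1/$inc" ]; then resolve_profile "$1" "$inc"; fi
                ;;
            *"include <"*">"*)
                inc=${line#*<}; inc=${inc%%>*}
                [ -f "$1/$inc" ] || { echo "missing include: $inc" >&2; return 1; }
                resolve_profile "$1" "$inc"
                ;;
            *) printf '%s\n' "$line" ;;
        esac
    done < "$1/$2"
}

# Bug-report scenario: local rule added, then the main profile is replaced
# by an upgrade. Prints how many times the local rule survives (expect 1).
demo_upgrade_survival() {   # $1 = scratch root
    install_package_files "$1"
    echo '  /srv/images/** rwk,' >> "$1/local/usr.sbin.libvirtd"   # user's change
    install_package_files "$1"                                      # "upgrade"
    resolve_profile "$1" usr.sbin.libvirtd | grep -cF '/srv/images/** rwk,'
}

# No stub at all: the conditional include is skipped and parsing still
# succeeds. Prints "ok".
demo_missing_stub_ok() {   # $1 = scratch root
    install_package_files "$1"
    rm -f "$1/local/usr.sbin.libvirtd"
    resolve_profile "$1" usr.sbin.libvirtd > /dev/null && echo ok
}

root=$(mktemp -d)
demo_upgrade_survival "$root"
demo_missing_stub_ok "$root"
rm -rf "$root"
```

On a real system the equivalent of resolve_profile is simply reloading the profile after editing the stub, with `apparmor_parser -r /etc/apparmor.d/usr.sbin.libvirtd`; the resolver here only mirrors the include semantics so the upgrade scenario can be checked offline.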



