On 6/29/23 07:14, Andrea Bolognani wrote:
An alternative to Jim's attempt[1]. See [2] for the discussion leading up to these changes. [1] https://listman.redhat.com/archives/libvir-list/2023-June/240531.html [2] https://listman.redhat.com/archives/libvir-list/2023-June/240251.html Andrea Bolognani (8): meson: Detect AppArmor 3.x apparmor: Allow version-specific bits in profiles apparmor: Allow version-specific bits in abstractions too apparmor: Only support passt on 3.x apparmor: Make abstractions extensible apparmor: Improve virt-aa-helper include apparmor: Make all profiles extensible NEWS: Mention overrides for AppArmor profiles and abstractions NEWS.rst | 8 +++ meson.build | 3 + .../apparmor/{libvirt-lxc => libvirt-lxc.in} | 4 ++ .../{libvirt-qemu => libvirt-qemu.in} | 6 ++ src/security/apparmor/meson.build | 68 ++++++++++++++++--- .../usr.lib.libvirt.virt-aa-helper.in | 5 ++ src/security/apparmor/usr.sbin.libvirtd.in | 4 ++ src/security/apparmor/usr.sbin.virtqemud.in | 4 ++ src/security/apparmor/usr.sbin.virtxend.in | 4 ++ 9 files changed, 96 insertions(+), 10 deletions(-) rename src/security/apparmor/{libvirt-lxc => libvirt-lxc.in} (98%) rename src/security/apparmor/{libvirt-qemu => libvirt-qemu.in} (98%)
Nice work! Much better than the profile duplication, although I still think zapping 2.x support is easier with my hack :-P.
Reviewed-by: Jim Fehlig <jfehlig@xxxxxxxx> Regards, Jim
