Re: [libvirt] [PATCH] virt-aa-helper: Actually fix AppArmor profile

2019-08-21 Thread Andrea Bolognani
On Tue, 2019-08-20 at 12:09 -0500, Jamie Strandboge wrote: > On Tue, 20 Aug 2019, Andrea Bolognani wrote: > ># Used when internally running another command (namely apparmor_parser) > > + @{PROC}/self/fd/ r, > > /proc/self is a 'magic symlink' and apparmor will resolve symlinks > before perfor

Re: [libvirt] [PATCH] virt-aa-helper: Actually fix AppArmor profile

2019-08-20 Thread Jamie Strandboge
On Tue, 20 Aug 2019, Andrea Bolognani wrote: > --- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper > +++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper > @@ -18,8 +18,8 @@ profile virt-aa-helper > /usr/{lib,lib64}/libvirt/virt-aa-helper { >@{PROC}/filesystems r, > ># Used

Re: [libvirt] [PATCH] virt-aa-helper: Actually fix AppArmor profile

2019-08-20 Thread Ján Tomko
On Tue, Aug 20, 2019 at 09:56:26AM +0200, Andrea Bolognani wrote: Tried previously in commit b1eb8b3e8fd1d4cb1da8e5e2b16f2c10837fd823 Author: Andrea Bolognani Date: Mon Aug 19 10:23:42 2019 +0200 virt-aa-helper: Fix AppArmor profile v5.6.0-243-gb1eb8b3e8f with somewhat disappointing

[libvirt] [PATCH] virt-aa-helper: Actually fix AppArmor profile

2019-08-20 Thread Andrea Bolognani
Tried previously in commit b1eb8b3e8fd1d4cb1da8e5e2b16f2c10837fd823 Author: Andrea Bolognani Date: Mon Aug 19 10:23:42 2019 +0200 virt-aa-helper: Fix AppArmor profile v5.6.0-243-gb1eb8b3e8f with somewhat disappointing results. Signed-off-by: Andrea Bolognani --- src/security/a