Revert "apparmor: Add support for local profile customizations"

As it turns out, apparmor 2.x and 3.x behave differently or have differing levels of support for local customizations of profiles and profile abstractions. Additionally the apparmor 2.x tools do not cope well with 'include if exists'. Revert this commit until a more complete solution is developed that works with old and new apparmor. Reverts: 9b743ee190 Signed-off-by: Jim Fehlig <jfehlig@suse.com> Reviewed-by: Andrea Bolognani <abologna@redhat.com>
2024-07-01 15:42:39 +00:00 · 2023-06-27 17:09:15 -06:00 · 2023-06-27 17:09:15 -06:00 · d7fb8deb6a
commit d7fb8deb6a
parent d725932a28
7 changed files with 5 additions and 19 deletions
--- a/src/security/apparmor/meson.build
+++ b/src/security/apparmor/meson.build
@ -34,10 +34,8 @@ install_data(
  install_dir: apparmor_dir / 'libvirt',
 )

-foreach name : apparmor_gen_profiles
-  install_data(
-    '@0@.local'.format(name),
-    install_dir: apparmor_dir / 'local',
-    rename: name,
-  )
-endforeach
+install_data(
+  'usr.lib.libvirt.virt-aa-helper.local',
+  install_dir: apparmor_dir / 'local',
+  rename: 'usr.lib.libvirt.virt-aa-helper',
+)
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
@ -139,7 +139,4 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {

   /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
  }
-
-  # Site-specific additions and overrides. See local/README for details.
-  include if exists <local/usr.sbin.libvirtd>
 }
--- a/src/security/apparmor/usr.sbin.libvirtd.local
+++ b/src/security/apparmor/usr.sbin.libvirtd.local
@ -1 +0,0 @@
-# Site-specific additions and overrides for 'usr.sbin.libvirtd'
--- a/src/security/apparmor/usr.sbin.virtqemud.in
+++ b/src/security/apparmor/usr.sbin.virtqemud.in
@ -132,7 +132,4 @@ profile virtqemud @sbindir@/virtqemud flags=(attach_disconnected) {

   /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
  }
-
-  # Site-specific additions and overrides. See local/README for details.
-  include if exists <local/usr.sbin.virtqemud>
 }
--- a/src/security/apparmor/usr.sbin.virtqemud.local
+++ b/src/security/apparmor/usr.sbin.virtqemud.local
@ -1 +0,0 @@
-# Site-specific additions and overrides for 'usr.sbin.virtqemud'
--- a/src/security/apparmor/usr.sbin.virtxend.in
+++ b/src/security/apparmor/usr.sbin.virtxend.in
@ -52,7 +52,4 @@ profile virtxend @sbindir@/virtxend flags=(attach_disconnected) {
  @libexecdir@/libvirt_iohelper ix,
  /etc/libvirt/hooks/** rmix,
  /etc/xen/scripts/** rmix,
-
-  # Site-specific additions and overrides. See local/README for details.
-  include if exists <local/usr.sbin.virtxend>
 }
--- a/src/security/apparmor/usr.sbin.virtxend.local
+++ b/src/security/apparmor/usr.sbin.virtxend.local
@ -1 +0,0 @@
-# Site-specific additions and overrides for 'usr.sbin.virtxend'
				`@ -1 +0,0 @@`
				`# Site-specific additions and overrides for 'usr.sbin.libvirtd'`