From d7fb8deb6aa862a8098d8d933dd32a79931cd4dc Mon Sep 17 00:00:00 2001
From: Jim Fehlig
Date: Tue, 27 Jun 2023 17:09:15 -0600
Subject: [PATCH] Revert "apparmor: Add support for local profile customizations"
As it turns out, apparmor 2.x and 3.x behave differently or have differing levels of support for local customizations of profiles and profile abstractions. Additionally the apparmor 2.x tools do not cope well with 'include if exists'. Revert this commit until a more complete solution is developed that works with old and new apparmor.
Reverts: 9b743ee19053db2fc3da8fba1e9cf81915c1e2f4
Signed-off-by: Jim Fehlig
Reviewed-by: Andrea Bolognani
---
 src/security/apparmor/meson.build | 12 +++++-------
 src/security/apparmor/usr.sbin.libvirtd.in | 3 ---
 src/security/apparmor/usr.sbin.libvirtd.local | 1 -
 src/security/apparmor/usr.sbin.virtqemud.in | 3 ---
 src/security/apparmor/usr.sbin.virtqemud.local | 1 -
 src/security/apparmor/usr.sbin.virtxend.in | 3 ---
 src/security/apparmor/usr.sbin.virtxend.local | 1 -
 7 files changed, 5 insertions(+), 19 deletions(-)
 delete mode 100644 src/security/apparmor/usr.sbin.libvirtd.local
 delete mode 100644 src/security/apparmor/usr.sbin.virtqemud.local
 delete mode 100644 src/security/apparmor/usr.sbin.virtxend.local
diff --git a/src/security/apparmor/meson.build b/src/security/apparmor/meson.build
index 02a6d098ad..58b4024b85 100644
--- a/src/security/apparmor/meson.build
+++ b/src/security/apparmor/meson.build
@@ -34,10 +34,8 @@ install_data(
 install_dir: apparmor_dir / 'libvirt',
 )
-foreach name : apparmor_gen_profiles
- install_data(
- '@0@.local'.format(name),
- install_dir: apparmor_dir / 'local',
- rename: name,
- )
-endforeach
+install_data(
+ 'usr.lib.libvirt.virt-aa-helper.local',
+ install_dir: apparmor_dir / 'local',
+ rename: 'usr.lib.libvirt.virt-aa-helper',
+)
diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
index 41bdef53ec..edb8dd8e26 100644
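Review bot: The `install_data()` call added at the end of the meson.build hunk hard-codes the virt-aa-helper file as the only entry installed into `apparmor_dir / 'local'`, with no comment saying why the other profiles are left out. With the `include if exists` lines removed from the libvirtd, virtqemud and virtxend profiles in the later hunks, rules an administrator placed in those local files (including `deny` rules used to tighten a daemon profile) would presumably stop being loaded, while files left behind by an earlier install stay on disk and still look active. I would add a comment above the call such as `# Only virt-aa-helper has a local override; the daemon profiles do not include local/ files until 'include if exists' works with apparmor 2.x and 3.x.` and mention the dropped overrides in the release notes. The `install_data(` statement that the hunk's context lines belong to starts above the visible lines.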
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
@@ -139,7 +139,4 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
 /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
 }
-
- # Site-specific additions and overrides. See local/README for details.
- include if exists
 }
diff --git a/src/security/apparmor/usr.sbin.libvirtd.local b/src/security/apparmor/usr.sbin.libvirtd.local
deleted file mode 100644
index 3716400022..0000000000
--- a/src/security/apparmor/usr.sbin.libvirtd.local
+++ /dev/null
@@ -1 +0,0 @@
-# Site-specific additions and overrides for 'usr.sbin.libvirtd'
diff --git a/src/security/apparmor/usr.sbin.virtqemud.in b/src/security/apparmor/usr.sbin.virtqemud.in
index 3ebdbf2a8f..f269c60809 100644
--- a/src/security/apparmor/usr.sbin.virtqemud.in
+++ b/src/security/apparmor/usr.sbin.virtqemud.in
@@ -132,7 +132,4 @@ profile virtqemud @sbindir@/virtqemud flags=(attach_disconnected) {
 /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
 }
-
- # Site-specific additions and overrides. See local/README for details.
- include if exists
 }
diff --git a/src/security/apparmor/usr.sbin.virtqemud.local b/src/security/apparmor/usr.sbin.virtqemud.local
deleted file mode 100644
index 2ac68bb069..0000000000
--- a/src/security/apparmor/usr.sbin.virtqemud.local
+++ /dev/null
@@ -1 +0,0 @@
-# Site-specific additions and overrides for 'usr.sbin.virtqemud'
diff --git a/src/security/apparmor/usr.sbin.virtxend.in b/src/security/apparmor/usr.sbin.virtxend.in
index 719766a0c1..72e0d801e5 100644
--- a/src/security/apparmor/usr.sbin.virtxend.in
+++ b/src/security/apparmor/usr.sbin.virtxend.in
@@ -52,7 +52,4 @@ profile virtxend @sbindir@/virtxend flags=(attach_disconnected) {
 @libexecdir@/libvirt_iohelper ix,
 /etc/libvirt/hooks/** rmix,
 /etc/xen/scripts/** rmix,
-
- # Site-specific additions and overrides. See local/README for details.
- include if exists
 }
diff --git a/src/security/apparmor/usr.sbin.virtxend.local b/src/security/apparmor/usr.sbin.virtxend.local
deleted file mode 100644
index 2ade86d4df..0000000000
--- a/src/security/apparmor/usr.sbin.virtxend.local
+++ /dev/null
@@ -1 +0,0 @@
-# Site-specific additions and overrides for 'usr.sbin.virtxend'