On Tue, 2025-01-07 at 17:04 -0700, Jim Fehlig wrote:
> On 1/7/25 08:23, Georgia Garcia wrote:
> > There is a common misconception when writing AppArmor policy that
> > [0-9]* applies * to the [0-9] class, but that's not the case. For this
> > example, [0-9]* matches a single digit followed by any number of
> > characters except for /.
> >
> > Create a UUID variable that uses the following format 8-4-4-4-12.
> >
> > Signed-off-by: Georgia Garcia <georgia.garcia(a)canonical.com>
> > ---
> > src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in | 5 ++++-
> > src/security/apparmor/usr.sbin.libvirtd.in | 7 +++++--
> > src/security/apparmor/usr.sbin.virtqemud.in | 6 ++++--
> > 3 files changed, 13 insertions(+), 5 deletions(-)
>
> This patch seems fine to me. Did you notice the issue by code inspection, or
> does it fix an observed error? If the latter, we should mention it in the commit
> message.

It was indeed by code inspection. Since the rules were broader than
needed, we wouldn't see errors related to this in normal libvirt use.
I'm just restricting it to what was the intended behavior.
Thank you,
Georgia

> Reviewed-by: Jim Fehlig <jfehlig(a)suse.com>
>
> Regards,
> Jim
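
The globbing behaviour described in the commit message, as an added example that is not part of the thread or the libvirt patch: a simplified Python model of AppArmor path globs (only `*`, `**`, `?` and `[...]`) showing that `[0-9]*` accepts non-digit suffixes, next to an 8-4-4-4-12 pattern built by repeating a one-character hex class. The helper names, the `/run/example/` path, the hex class and the sample file names are assumptions constructed for illustration.

```python
import re

def aa_glob_to_regex(glob: str) -> str:
    """Translate a subset of AppArmor path globbing into a Python regex."""
    out, i = [], 0
    while i < len(glob):
        if glob.startswith("**", i):
            out.append(".*")              # ** : any characters, including /
            i += 2
        elif glob[i] == "*":
            out.append("[^/]*")           # *  : any characters except /
            i += 1
        elif glob[i] == "?":
            out.append("[^/]")            # ?  : exactly one character except /
            i += 1
        elif glob[i] == "[":
            end = glob.index("]", i + 1)  # a class matches exactly ONE character
            out.append(glob[i:end + 1])
            i = end + 1
        else:
            out.append(re.escape(glob[i]))
            i += 1
    return "".join(out)

def aa_match(glob: str, path: str) -> bool:
    return re.fullmatch(aa_glob_to_regex(glob), path, re.DOTALL) is not None

# Assumed building blocks (not taken from the patch): one hex digit, repeated 8-4-4-4-12.
HEX = "[0-9a-fA-F]"
UUID_GLOB = "-".join(HEX * n for n in (8, 4, 4, 4, 12))

# Constructed rule paths and sample file names.
BASE = "/run/example/"
LOOSE = BASE + "[0-9]*"
STRICT = BASE + UUID_GLOB
SAMPLES = ["42", "4anything.sock", "4/etc",
           "123e4567-e89b-12d3-a456-426614174000",
           "abcdef01-e89b-12d3-a456-426614174000"]

def compare() -> dict:
    """Map each sample name to (matches LOOSE, matches STRICT)."""
    return {n: (aa_match(LOOSE, BASE + n), aa_match(STRICT, BASE + n)) for n in SAMPLES}

if __name__ == "__main__":
    for name, (loose, strict) in compare().items():
        print(f"{name:40} loose={loose!s:5} strict={strict}")
```
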