
21 Aug 2019, 3:21 a.m.
On Tue, 2019-08-20 at 12:09 -0500, Jamie Strandboge wrote:
On Tue, 20 Aug 2019, Andrea Bolognani wrote:
# Used when internally running another command (namely apparmor_parser) + @{PROC}/self/fd/ r,
/proc/self is a 'magic symlink' and apparmor will resolve symlinks before performing checks. As such, @{PROC}/self/fd/ is redundant with the next rule.
+ @{PROC}/@{pid}/fd/ r,
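Review bot: in `@{PROC}/@{pid}/fd/ r,` the `@{pid}` variable matches any numeric PID, so this rule allows listing the fd directory of every process, not only the helper's own. If the helper only needs to enumerate descriptors of processes running under its own user, writing the rule as `owner @{PROC}/@{pid}/fd/ r,` would narrow it to those. The comment above the rules names apparmor_parser but does not say why the directory read is needed; adding that reason would help whoever next reviews whether the rule can be tightened or dropped.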
This access LGTM. +1 to apply.
Well, it's already been merged:

https://libvirt.org/git/?p=libvirt.git;a=commit;h=9c2446ed4a81450f6482f259f9...

I'll post a patch removing the unnecessary rule.

--
Andrea Bolognani / Red Hat / Virtualization