On Tue, 2019-08-20 at 12:09 -0500, Jamie Strandboge wrote:
On Tue, 20 Aug 2019, Andrea Bolognani wrote:
> # Used when internally running another command (namely apparmor_parser)
> + @{PROC}/self/fd/ r,
/proc/self is a 'magic symlink' and apparmor will resolve symlinks
before performing checks. As such, @{PROC}/self/fd/ is redundant with
the next rule.
> + @{PROC}/@{pid}/fd/ r,
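Review bot: in the "@{PROC}/@{pid}/fd/ r," line, @{pid} matches any process ID, so the rule lets the helper list the fd directory of every process, not only its own. The comment above the rules says only that they are used when running apparmor_parser. If the helper's own descriptors are all that is needed there, state that in the comment and consider an "owner" prefix on the rule to narrow what it matches.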
This access LGTM. +1 to apply.
Well, it's already been merged:
https://libvirt.org/git/?p=libvirt.git;a=commit;h=9c2446ed4a81450f6482f25...
I'll post a patch removing the unnecessary rule.
--
Andrea Bolognani / Red Hat / Virtualization