On Thu, Jan 30, 2020 at 8:06 AM Michal Privoznik <mprivozn@redhat.com> wrote:
The profile name should reflect the path under which the binary
it describes is installed.

Signed-off-by: Michal Privoznik <mprivozn@redhat.com>
---
 src/security/Makefile.inc.am                           | 10 +++++-----
 ...bvirt.virt-aa-helper => usr.libexec.virt-aa-helper} |  4 ++--
 2 files changed, 7 insertions(+), 7 deletions(-)
 rename src/security/apparmor/{usr.lib.libvirt.virt-aa-helper => usr.libexec.virt-aa-helper} (93%)

diff --git a/src/security/Makefile.inc.am b/src/security/Makefile.inc.am
index 6fe9d50f29..02efefd6d6 100644
--- a/src/security/Makefile.inc.am
+++ b/src/security/Makefile.inc.am
@@ -38,7 +38,7 @@ EXTRA_DIST += \
        security/apparmor/TEMPLATE.lxc \
        security/apparmor/libvirt-qemu \
        security/apparmor/libvirt-lxc \
-       security/apparmor/usr.lib.libvirt.virt-aa-helper \
+       security/apparmor/usr.libexec.virt-aa-helper \

Again - probably better to make it dependent on --libexecdir configure option.
The old path matches the real Ubuntu path, so "for me" that would be a regression making me carry a revert.
 
        security/apparmor/usr.sbin.libvirtd \
        $(NULL)

@@ -91,7 +91,7 @@ endif WITH_SECDRIVER_APPARMOR
 if WITH_APPARMOR_PROFILES
 apparmordir = $(sysconfdir)/apparmor.d/
 apparmor_DATA = \
-       security/apparmor/usr.lib.libvirt.virt-aa-helper \
+       security/apparmor/usr.libexec.virt-aa-helper \
        security/apparmor/usr.sbin.libvirtd \
        $(NULL)

@@ -111,11 +111,11 @@ APPARMOR_LOCAL_DIR = "$(DESTDIR)$(apparmordir)/local"
 install-apparmor-local:
        $(MKDIR_P) "$(APPARMOR_LOCAL_DIR)"
        echo "# Site-specific additions and overrides for \
-               'usr.lib.libvirt.virt-aa-helper'" \
-               >"$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper"
+               'usr.libexec.virt-aa-helper'" \
+               >"$(APPARMOR_LOCAL_DIR)/usr.libexec.virt-aa-helper"

 uninstall-apparmor-local:
-       rm -f "$(APPARMOR_LOCAL_DIR)/usr.lib.libvirt.virt-aa-helper"
+       rm -f "$(APPARMOR_LOCAL_DIR)/usr.libexec.virt-aa-helper"
        rmdir "$(APPARMOR_LOCAL_DIR)" || :

 INSTALL_DATA_LOCAL += install-apparmor-local
diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.libexec.virt-aa-helper
similarity index 93%
rename from src/security/apparmor/usr.lib.libvirt.virt-aa-helper
rename to src/security/apparmor/usr.libexec.virt-aa-helper
index ca1f6ca083..72a2fecebe 100644
--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
+++ b/src/security/apparmor/usr.libexec.virt-aa-helper
@@ -1,7 +1,7 @@
 # Last Modified: Mon Apr  5 15:10:27 2010
 #include <tunables/global>

-profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
+profile virt-aa-helper /usr/{lib,lib64,libexec}/libvirt/virt-aa-helper {
   #include <abstractions/base>

   # needed for searching directories
@@ -70,5 +70,5 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
   /**.[iI][sS][oO] r,
   /**/disk{,.*} r,

-  #include <local/usr.lib.libvirt.virt-aa-helper>
+  #include <local/usr.libexec.virt-aa-helper>
 }
--
2.24.1



--
Christian Ehrhardt
Staff Engineer, Ubuntu Server
Canonical Ltd