[libvirt] [PATCH] security: aa-helper: allow virt-aa-helper to read .vhd images
VHD images can be used as any other, so we should add them to the list of types that virt-aa-helper can read when creating the per-guest rules for backing files. Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> --- src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 1 + 1 file changed, 1 insertion(+) diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper index 78994bcda6..bf6bd297d1 100644 --- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper +++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper @@ -63,6 +63,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper { /**.qcow{,2} r, /**.qed r, /**.vmdk r, + /**.vhd r, /**.[iI][sS][oO] r, /**/disk{,.*} r, -- 2.22.0
On Wed, 2019-07-03 at 12:46 +0200, Christian Ehrhardt wrote:
VHD images can be used as any other, so we should add them to the list of types that virt-aa-helper can read when creating the per-guest rules for backing files.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> --- src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 1 + 1 file changed, 1 insertion(+)
diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper index 78994bcda6..bf6bd297d1 100644 --- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper +++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper @@ -63,6 +63,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper { /**.qcow{,2} r, /**.qed r, /**.vmdk r, + /**.vhd r, /**.[iI][sS][oO] r, /**/disk{,.*} r,
I know basically nothing about AppArmor, but given the pre-existing contents of the file the changes seem completely reasonable, so Reviewed-by: Andrea Bolognani <abologna@redhat.com> -- Andrea Bolognani / Red Hat / Virtualization
On Wed, 03 Jul 2019, Christian Ehrhardt wrote:
VHD images can be used as any other, so we should add them to the list of types that virt-aa-helper can read when creating the per-guest rules for backing files.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> --- src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 1 + 1 file changed, 1 insertion(+)
diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper index 78994bcda6..bf6bd297d1 100644 --- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper +++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper @@ -63,6 +63,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper { /**.qcow{,2} r, /**.qed r, /**.vmdk r, + /**.vhd r,
This looks fine. +1 to apply. -- Jamie Strandboge | http://www.canonical.com
On Fri, Jul 12, 2019 at 7:02 PM Jamie Strandboge <jamie@canonical.com> wrote:
On Wed, 03 Jul 2019, Christian Ehrhardt wrote:
VHD images can be used as any other, so we should add them to the list of types that virt-aa-helper can read when creating the per-guest rules for backing files.
Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> --- src/security/apparmor/usr.lib.libvirt.virt-aa-helper | 1 + 1 file changed, 1 insertion(+)
diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper index 78994bcda6..bf6bd297d1 100644 --- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper +++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper @@ -63,6 +63,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper { /**.qcow{,2} r, /**.qed r, /**.vmdk r, + /**.vhd r,
This looks fine. +1 to apply.
Thank you Jamie and Andrea! the commit is now pushed with your Review/Ack tags added.
participants (3)
-
Andrea Bolognani -
Christian Ehrhardt -
Jamie Strandboge