12:32 p.m.
From: intrigeri <intrigeri(a)debian.org>
---
examples/apparmor/libvirt-qemu | 8 ++++----
examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 +-
examples/apparmor/usr.sbin.libvirtd | 4 ++--
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index 11381d4..133c2eb 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -136,12 +136,12 @@
/usr/{lib,lib64}/qemu/block-rbd.so mr,
# for save and resume
- /bin/dash rmix,
- /bin/dd rmix,
- /bin/cat rmix,
+ /{usr/,}bin/dash rmix,
+ /{usr/,}bin/dd rmix,
+ /{usr/,}bin/cat rmix,
# for restore
- /bin/bash rmix,
+ /{usr/,}bin/bash rmix,
# for usb access
/dev/bus/usb/ r,
diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
index b34fb35..4a8f197 100644
--- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -21,7 +21,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
/sys/devices/** r,
/usr/{lib,lib64}/libvirt/virt-aa-helper mr,
- /sbin/apparmor_parser Ux,
+ /{usr/,}sbin/apparmor_parser Ux,
/etc/apparmor.d/libvirt/* r,
/etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]* rw,
diff --git a/examples/apparmor/usr.sbin.libvirtd b/examples/apparmor/usr.sbin.libvirtd
index 48651b2..934124b 100644
--- a/examples/apparmor/usr.sbin.libvirtd
+++ b/examples/apparmor/usr.sbin.libvirtd
@@ -47,12 +47,12 @@
/usr/bin/* PUx,
/usr/sbin/virtlogd pix,
/usr/sbin/* PUx,
- /lib/udev/scsi_id PUx,
+ /{usr/,}lib/udev/scsi_id PUx,
/usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
/usr/{lib,lib64}/xen/bin/* Ux,
# force the use of virt-aa-helper
- audit deny /sbin/apparmor_parser rwxl,
+ audit deny /{usr/,}sbin/apparmor_parser rwxl,
audit deny /etc/apparmor.d/libvirt/** wxl,
audit deny /sys/kernel/security/apparmor/features rwxl,
audit deny /sys/kernel/security/apparmor/matching rwxl,
--
2.10.2
12:33 p.m.
On Sat, 2016-12-03 at 18:32 +0000, intrigeri wrote:
From: intrigeri <intrigeri(a)debian.org>
---
examples/apparmor/libvirt-qemu | 8 ++++----
examples/apparmor/usr.lib.libvirt.virt-aa-helper | 2 +-
examples/apparmor/usr.sbin.libvirtd | 4 ++--
3 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/examples/apparmor/libvirt-qemu b/examples/apparmor/libvirt-qemu
index 11381d4..133c2eb 100644
--- a/examples/apparmor/libvirt-qemu
+++ b/examples/apparmor/libvirt-qemu
@@ -136,12 +136,12 @@
/usr/{lib,lib64}/qemu/block-rbd.so mr,
# for save and resume
- /bin/dash rmix,
- /bin/dd rmix,
- /bin/cat rmix,
+ /{usr/,}bin/dash rmix,
+ /{usr/,}bin/dd rmix,
+ /{usr/,}bin/cat rmix,
# for restore
- /bin/bash rmix,
+ /{usr/,}bin/bash rmix,
# for usb access
/dev/bus/usb/ r,
diff --git a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
index b34fb35..4a8f197 100644
--- a/examples/apparmor/usr.lib.libvirt.virt-aa-helper
+++ b/examples/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -21,7 +21,7 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-
helper {
/sys/devices/** r,
/usr/{lib,lib64}/libvirt/virt-aa-helper mr,
- /sbin/apparmor_parser Ux,
+ /{usr/,}sbin/apparmor_parser Ux,
/etc/apparmor.d/libvirt/* r,
/etc/apparmor.d/libvirt/libvirt-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-9a-f]*-[0-
9a-f]* rw,
diff --git a/examples/apparmor/usr.sbin.libvirtd
b/examples/apparmor/usr.sbin.libvirtd
index 48651b2..934124b 100644
--- a/examples/apparmor/usr.sbin.libvirtd
+++ b/examples/apparmor/usr.sbin.libvirtd
@@ -47,12 +47,12 @@
/usr/bin/* PUx,
/usr/sbin/virtlogd pix,
/usr/sbin/* PUx,
- /lib/udev/scsi_id PUx,
+ /{usr/,}lib/udev/scsi_id PUx,
/usr/{lib,lib64}/xen-common/bin/xen-toolstack PUx,
/usr/{lib,lib64}/xen/bin/* Ux,
# force the use of virt-aa-helper
- audit deny /sbin/apparmor_parser rwxl,
+ audit deny /{usr/,}sbin/apparmor_parser rwxl,
audit deny /etc/apparmor.d/libvirt/** wxl,
audit deny /sys/kernel/security/apparmor/features rwxl,
audit deny /sys/kernel/security/apparmor/matching rwxl,
Changes LGTM.
--
Jamie Strandboge | http://www.canonical.com
7:50 a.m.
On Mon, Dec 12, 2016 at 12:02 PM, intrigeri <intrigeri+libvirt(a)boum.org>
wrote:
What's the process to get this merged, now that Jamie has
ack'ed the
proposed changes?
For this as well as for the one you posted about the /proc/.../comm changes
the process is the same.
You have to wait if there is other feedback and then until one with libvirt
commit rights picks it up.
It is helpful if you can identify a certain (sub-)maintainer for the files
and cc him.
There is no maintainers file that guides you in this case, but usually git
log on a certain dir can give you an idea who to cc.
Given that you come from a Debian point of view if I read mails correctly
you might want to add "Guido Günther <agx(a)sigxcpu.org>" for example.
Other than that it is down to waiting and sometimes pinging for response.
Also for both patches here my Acked-by: Christian Ehrhardt <
christian.ehrhardt(a)canonical.com>
--
Christian Ehrhardt
Software Engineer, Ubuntu Server
Canonical Ltd
8:09 a.m.
On Mon, Dec 12, 2016 at 02:50:21PM +0100, Christian Ehrhardt wrote:
On Mon, Dec 12, 2016 at 12:02 PM, intrigeri
<intrigeri+libvirt(a)boum.org>
wrote:
> What's the process to get this merged, now that Jamie has ack'ed the
> proposed changes?
>
For this as well as for the one you posted about the /proc/.../comm changes
the process is the same.
You have to wait if there is other feedback and then until one with libvirt
commit rights picks it up.
It is helpful if you can identify a certain (sub-)maintainer for the files
and cc him.
There is no maintainers file that guides you in this case, but usually git
log on a certain dir can give you an idea who to cc.
Given that you come from a Debian point of view if I read mails correctly
you might want to add "Guido Günther <agx(a)sigxcpu.org>" for example.
Other than that it is down to waiting and sometimes pinging for response.
Also for both patches here my Acked-by: Christian Ehrhardt <
christian.ehrhardt(a)canonical.com>
Thanks, I'll push this patch
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://entangle-photo.org -o- http://search.cpan.org/~danberr/ :|
2902
days inactive
2911
days old
4 comments
4 participants
participants (4)
-
Christian Ehrhardt -
Daniel P. Berrange -
intrigeri -
Jamie Strandboge