[Pkg-libvirt-commits] [Git][libvirt-team/libvirt][debian/experimental] apparmor: add local include for libvirt-qemu

Thu Apr 11 09:57:25 BST 2019


Guido Günther pushed to branch debian/experimental at Libvirt Packaging Team / libvirt


Commits:
d7482437 by Christian Ehrhardt at 2019-04-11T08:56:44Z
apparmor: add local include for libvirt-qemu

We have had local includes for libvirtd and virt-aa-helper, but
unfortunately the most likely place for local includes to take place is
in /etc/apparmor/abstractions/libvirt-qemu where we have had none.

This adds the include to the patch that addes the other Distro specific
includes d/p/debian/apparmor_profiles_local_include.patch.

Furthermore "normal" dh_apparmor can't handle subdirs in the profile
reference (since this is actually an abstraction it has the subdir).
Also for the abstraction we don't want the usual reload code.
Therefore we extract and add just what we need of a dh_apparmor snippet
and add it to the postinst of libvirt-daemon-system.

Signed-off-by: Christian Ehrhardt <christian.ehrhardt at canonical.com>

- - - - -


2 changed files:

- debian/libvirt-daemon-system.postinst
- debian/patches/debian/apparmor_profiles_local_include.patch


Changes:

=====================================
debian/libvirt-daemon-system.postinst
=====================================
@@ -147,6 +147,21 @@ esac
 
 db_stop
 
+# dh_apparmor can't work with dir/file profile filenames, also we don't want
+# the reload section of dh_apparmor - just the install of an empty include
+if [ "$1" = "configure" ]; then
+    APP_PROFILE="/etc/apparmor.d/abstractions/libvirt-qemu"
+    if [ -f "$APP_PROFILE" ]; then
+        # Add the local/ include
+        LOCAL_APP_PROFILE="/etc/apparmor.d/local/abstractions/libvirt-qemu"
+
+        test -e "$LOCAL_APP_PROFILE" || {
+            mkdir -p `dirname "$LOCAL_APP_PROFILE"`
+            install --mode 644 /dev/null "$LOCAL_APP_PROFILE"
+        }
+    fi
+fi
+
 # dh_installdeb will replace this with shell code automatically
 # generated by other debhelper scripts.
 


=====================================
debian/patches/debian/apparmor_profiles_local_include.patch
=====================================
@@ -31,3 +31,12 @@ index 29f9936..a66452b 100644
 +  # Site-specific additions and overrides. See local/README for details.
 +  #include <local/usr.sbin.libvirtd>
  }
+--- a/examples/apparmor/libvirt-qemu
++++ b/examples/apparmor/libvirt-qemu
+@@ -226,3 +226,6 @@
+   # required for sasl GSSAPI plugin
+   /etc/gss/mech.d/ r,
+   /etc/gss/mech.d/* r,
++
++  # Site-specific additions and overrides. See local/README for details.
++  #include <local/abstractions/libvirt-qemu>



View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/commit/d748243756a95f0860859c73351d352e2375fe43

-- 
View it on GitLab: https://salsa.debian.org/libvirt-team/libvirt/commit/d748243756a95f0860859c73351d352e2375fe43
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-libvirt-commits/attachments/20190411/b3e2564e/attachment-0001.html>
