Revert "apparmor: Add support for local profile customizations"

As it turns out, apparmor 2.x and 3.x behave differently or have differing
levels of support for local customizations of profiles and profile
abstractions. Additionally the apparmor 2.x tools do not cope well with
'include if exists'. Revert this commit until a more complete solution is
developed that works with old and new apparmor.

Reverts: 9b743ee19053db2fc3da8fba1e9cf81915c1e2f4
Signed-off-by: Jim Fehlig <jfehlig@suse.com>
Reviewed-by: Andrea Bolognani <abologna@redhat.com>

diff --git a/src/security/apparmor/meson.build b/src/security/apparmor/meson.build
index 02a6d098ad2256a0634330264852798054765a94..58b4024b852baa8a4e54524f08b20ca191f68df8 100644 (file)
--- a/src/security/apparmor/meson.build
+++ b/src/security/apparmor/meson.build
@@ -34,10 +34,8 @@ install_data(
   install_dir: apparmor_dir / 'libvirt',
 )
 
-foreach name : apparmor_gen_profiles
-  install_data(
-    '@0@.local'.format(name),
-    install_dir: apparmor_dir / 'local',
-    rename: name,
-  )
-endforeach
+install_data(
+  'usr.lib.libvirt.virt-aa-helper.local',
+  install_dir: apparmor_dir / 'local',
+  rename: 'usr.lib.libvirt.virt-aa-helper',
+)

diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
index 41bdef53ec8aa9fb5b058f4f9360306a9398bccc..edb8dd8e2679ba68a3345ab133500d84e67e9156 100644 (file)
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
@@ -139,7 +139,4 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
 
    /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
   }
-
-  # Site-specific additions and overrides. See local/README for details.
-  include if exists <local/usr.sbin.libvirtd>
 }

diff --git a/src/security/apparmor/usr.sbin.libvirtd.local b/src/security/apparmor/usr.sbin.libvirtd.local
deleted file mode 100644 (file)
index 3716400..0000000
--- a/src/security/apparmor/usr.sbin.libvirtd.local
+++ /dev/null
@@ -1 +0,0 @@
-# Site-specific additions and overrides for 'usr.sbin.libvirtd'

diff --git a/src/security/apparmor/usr.sbin.virtqemud.in b/src/security/apparmor/usr.sbin.virtqemud.in
index 3ebdbf2a8f7c5db2edbdf8ada0fe320acbfdbb2c..f269c608093fcc4a94569ae0a2d235c01c168493 100644 (file)
--- a/src/security/apparmor/usr.sbin.virtqemud.in
+++ b/src/security/apparmor/usr.sbin.virtqemud.in
@@ -132,7 +132,4 @@ profile virtqemud @sbindir@/virtqemud flags=(attach_disconnected) {
 
    /usr/{lib,lib64,lib/qemu,libexec}/qemu-bridge-helper rmix,
   }
-
-  # Site-specific additions and overrides. See local/README for details.
-  include if exists <local/usr.sbin.virtqemud>
 }

diff --git a/src/security/apparmor/usr.sbin.virtqemud.local b/src/security/apparmor/usr.sbin.virtqemud.local
deleted file mode 100644 (file)
index 2ac68bb..0000000
--- a/src/security/apparmor/usr.sbin.virtqemud.local
+++ /dev/null
@@ -1 +0,0 @@
-# Site-specific additions and overrides for 'usr.sbin.virtqemud'

diff --git a/src/security/apparmor/usr.sbin.virtxend.in b/src/security/apparmor/usr.sbin.virtxend.in
index 719766a0c1c69ce6047f12b346b3dd2c24c8c449..72e0d801e5ada8954c56f5c16c98faf69121cbd6 100644 (file)
--- a/src/security/apparmor/usr.sbin.virtxend.in
+++ b/src/security/apparmor/usr.sbin.virtxend.in
@@ -52,7 +52,4 @@ profile virtxend @sbindir@/virtxend flags=(attach_disconnected) {
   @libexecdir@/libvirt_iohelper ix,
   /etc/libvirt/hooks/** rmix,
   /etc/xen/scripts/** rmix,
-
-  # Site-specific additions and overrides. See local/README for details.
-  include if exists <local/usr.sbin.virtxend>
 }

diff --git a/src/security/apparmor/usr.sbin.virtxend.local b/src/security/apparmor/usr.sbin.virtxend.local
deleted file mode 100644 (file)
index 2ade86d..0000000
--- a/src/security/apparmor/usr.sbin.virtxend.local
+++ /dev/null
@@ -1 +0,0 @@
-# Site-specific additions and overrides for 'usr.sbin.virtxend'