virt-aa-helper: Drop unnecessary AppArmor rule

Apparently /proc/self is automatically converted to /proc/@{pid} before checking rules, which makes spelling it out explicitly redundant. Suggested-by: N Jamie Strandboge <jamie@canonical.com> Signed-off-by: N Andrea Bolognani <abologna@redhat.com> Reviewed-by: N Martin Kletzander <mkletzan@redhat.com>

virt-aa-helper: Drop unnecessary AppArmor rule
Apparently /proc/self is automatically converted to /proc/@{pid} before checking rules, which makes spelling it out explicitly redundant. Suggested-by: N Jamie Strandboge <jamie@canonical.com> Signed-off-by: N Andrea Bolognani <abologna@redhat.com> Reviewed-by: N Martin Kletzander <mkletzan@redhat.com>
60dfe769 · Andrea Bolognani · 359c7c1e · 60dfe769
隐藏空白更改
内联并排

Showing with 0 addition and 1 deletion

src/security/apparmor/usr.lib.libvirt.virt-aa-helper src/security/apparmor/usr.lib.libvirt.virt-aa-helper +0 -1

未找到文件。
--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
+++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -18,7 +18,6 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
  @{PROC}/filesystems r,

  # Used when internally running another command (namely apparmor_parser)
-  @{PROC}/self/fd/ r,
  @{PROC}/@{pid}/fd/ r,

  /etc/libnl-3/classid r,