apparmor: allow adding permanent per guest rules

The design of apparmor in libvirt always had a way to define custom per-guest rules as described in docs/drvqemu.html and [1]. A fix meant to clean the profiles after guest shutdown was a bit overzealous and accidentially removed this important admin feature as well. Therefore reduce the --delete option of virt-aa-helper to only delete the .files that would be re-generated in any case. Users/Admins are always free to clean the profiles themselve if they prefer a clean directory - they will be regenerated as needed. But libvirt should never remove the base profile meant to allow per-guest overrides and thereby break a documented feature. [1]: https://gitlab.com/apparmor/apparmor/-/wikis/Libvirt#advanced-usage Fixes: eba2225b "apparmor: delete profile on VM shutdown" Signed-off-by: Christian Ehrhardt <christian.ehrhardt@canonical.com> Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
2025-01-27 18:03:50 +03:00 · 2020-08-06 16:54:34 +02:00 · 2020-08-06 16:54:34 +02:00 · d9c21f4bfc
commit d9c21f4bfc
parent a6886aafac
1 changed files with 1 additions and 2 deletions
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@ -99,7 +99,7 @@ vah_usage(void)
            "  Modes:\n"
            "    -a | --add                     load profile\n"
            "    -c | --create                  create profile from template\n"
-            "    -D | --delete                  unload and delete profile\n"
+            "    -D | --delete                  unload profile and delete generated rules\n"
            "    -r | --replace                 reload profile\n"
            "    -R | --remove                  unload profile\n"
            "  Options:\n"
@ -1491,7 +1491,6 @@ main(int argc, char **argv)
        rc = parserRemove(ctl->uuid);
        if (ctl->cmd == 'D') {
            unlink(include_file);
-            unlink(profile);
        }
    } else if (ctl->cmd == 'c' || ctl->cmd == 'r') {
        char *included_files = NULL;