[lxc-devel] [lxd/master] Apparmor redux

simondeziel on Github lxc-bot at linuxcontainers.org
Mon Aug 24 15:53:04 UTC 2020 

A non-text attachment was scrubbed...
Name: not available
Type: text/x-mailbox
Size: 609 bytes
Desc: not available
URL: <http://lists.linuxcontainers.org/pipermail/lxc-devel/attachments/20200824/084ba3ba/attachment.bin>
-------------- next part --------------
From 99c62ecbe8c21ceb926545701378985561f048fc Mon Sep 17 00:00:00 2001
From: Simon Deziel <simon at sdeziel.info>
Date: Mon, 24 Aug 2020 11:50:29 -0400
Subject: [PATCH 1/2] lxd/apparmor/dnsmasq: drop dup rule, /snap/lxd/*/
 includes /snap/lxd/current/

Signed-off-by: Simon Deziel <simon at sdeziel.info>
---
 lxd/apparmor/network_dnsmasq.go | 2 --
 1 file changed, 2 deletions(-)

diff --git a/lxd/apparmor/network_dnsmasq.go b/lxd/apparmor/network_dnsmasq.go
index 0b63dc6048..f411627753 100644
--- a/lxd/apparmor/network_dnsmasq.go
+++ b/lxd/apparmor/network_dnsmasq.go
@@ -57,11 +57,9 @@ profile "{{ .name }}" flags=(attach_disconnected,mediate_deleted) {
 {{- if .snap }}
 
   # The binary itself (for nesting)
-  /snap/lxd/current/bin/dnsmasq           mr,
   /snap/lxd/*/bin/dnsmasq                 mr,
 
   # Snap-specific libraries
-  /snap/lxd/current/lib/**.so*            mr,
   /snap/lxd/*/lib/**.so*                  mr,
 {{- end }}
 }

From 42eef074a88a3d2facb7dd1a7d90d34a7a5c187e Mon Sep 17 00:00:00 2001
From: Simon Deziel <simon at sdeziel.info>
Date: Mon, 24 Aug 2020 11:50:45 -0400
Subject: [PATCH 2/2] lxd/apparmor/forkdns: drop dup rule, /snap/lxd/*/
 includes /snap/lxd/current/

Signed-off-by: Simon Deziel <simon at sdeziel.info>
---
 lxd/apparmor/network_forkdns.go | 2 --
 1 file changed, 2 deletions(-)

diff --git a/lxd/apparmor/network_forkdns.go b/lxd/apparmor/network_forkdns.go
index 396e87be67..8aaf43f8e2 100644
--- a/lxd/apparmor/network_forkdns.go
+++ b/lxd/apparmor/network_forkdns.go
@@ -38,11 +38,9 @@ profile "{{ .name }}" flags=(attach_disconnected,mediate_deleted) {
 {{- if .snap }}
   # The binary itself (for nesting)
   /var/snap/lxd/common/lxd.debug      mr,
-  /snap/lxd/current/bin/lxd           mr,
   /snap/lxd/*/bin/lxd                 mr,
 
   # Snap-specific libraries
-  /snap/lxd/current/lib/**.so*            mr,
   /snap/lxd/*/lib/**.so*                  mr,
 {{- end }}
 }

More information about the lxc-devel mailing list