[apparmor] [libvirt] [patch] Add support for OVMF in virt-aa-helper [Was: virt-aa-helper: does not support OVMF?]
intrigeri
intrigeri at debian.org
Thu Aug 13 08:24:23 UTC 2015
Hi,
Martin Kletzander wrote (13 Aug 2015 07:55:54 GMT) :
> Good catch, this makes sense, but to be strictly precise about this, I
> would say this makes the directory accessible for R/W, but readonly
> would be enough, wouldn't it?
Yes.
> There could be a small code adjustment,
> I'd even dare calling it a clean-up, that would make it possible for
> this direcotry to be put in the 'restricted_rw'. It would change the
> semantic a bit, but since there is no path that could start with
> string from both 'restricted' and 'restricted_rw' currently, I don't
> see a problem there.
Great idea, the proposed logic looks fine to me. I'm not skilled
enough at C to review the actual patch, though.
Cheers,
--
intrigeri
More information about the AppArmor
mailing list