On 7/9/24 04:04, Michal Privoznik wrote:
When generating paths for a domain specific AppArmor profile each
path undergoes a validation where it's matched against an array
of well known prefixes (among other things). Now, for
OVMF/AAVMF/... images we have a list and some entries have
comments to which type of image the entry belongs to. For
instance:

   "/usr/share/OVMF/",                  /* for OVMF images */
   "/usr/share/AAVMF/",                 /* for AAVMF images */

But these comments are pretty useless. The path itself already
gives away the image type. Drop them.

Signed-off-by: Michal Privoznik <[email protected]>

Reviewed-by: Jim Fehlig <[email protected]>

---
  src/security/virt-aa-helper.c | 14 +++++++-------
  1 file changed, 7 insertions(+), 7 deletions(-)

diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index a3f85d26b0..c1e89dc6cf 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -475,15 +475,15 @@ valid_path(const char *path, const bool readonly)
          "/initrd",
          "/initrd.img",
          "/usr/share/edk2/",
-        "/usr/share/edk2-ovmf/",             /* for OVMF images */

Short lived comment :-).

Jim

-        "/usr/share/OVMF/",                  /* for OVMF images */
-        "/usr/share/ovmf/",                  /* for OVMF images */
-        "/usr/share/AAVMF/",                 /* for AAVMF images */
+        "/usr/share/edk2-ovmf/",
+        "/usr/share/OVMF/",
+        "/usr/share/ovmf/",
+        "/usr/share/AAVMF/",
          "/usr/share/qemu-efi/",              /* for AAVMF images */
-        "/usr/share/qemu-efi-aarch64/",      /* for AAVMF images */
+        "/usr/share/qemu-efi-aarch64/",
          "/usr/share/qemu/",                  /* SUSE path for OVMF and AAVMF 
images */
-        "/usr/lib/u-boot/",                  /* u-boot loaders for qemu */
-        "/usr/lib/riscv64-linux-gnu/opensbi" /* RISC-V SBI implementation */
+        "/usr/lib/u-boot/",
+        "/usr/lib/riscv64-linux-gnu/opensbi",
      };
      /* override the above with these */
      const char * const override[] = {
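
Review bot: The last entry in this list, "/usr/lib/riscv64-linux-gnu/opensbi", has no trailing slash, unlike the directory entries above it. The commit message describes the array as prefixes that each path is matched against, so if the comparison is a plain string prefix, this entry also accepts sibling paths that merely begin with that string, not only files under the opensbi directory. Since the line is already being rewritten to add the trailing comma, consider appending "/" or stating that the looser match is intended. Separately, "/usr/share/qemu-efi/" keeps its /* for AAVMF images */ comment while the identical comment on "/usr/share/qemu-efi-aarch64/" is removed. The u-boot and RISC-V SBI comments are also dropped, although the commit message only argues about OVMF/AAVMF image-type comments. A sentence in the commit message covering both would make the selection clear.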
