On 1/5/26 21:27, Wesley Hershberger via Devel wrote: > From: Serge Hallyn <[email protected]> > > Just because a disk element only requests read access doesn't mean > there may not be another readwrite request. > > Using 'R' when creating the apparmor rule will prevent an implicit > write-deny rule to be created alongside. This does not mean write > is allowed but it would cause a denial message and probably more > relevant, allows to add write access later. > > Resolves: #622 > Resolves: #806
We like full URL here so that it's clickable even from good old 'git log' ran from a terminal. > Bug-Ubuntu: https://bugs.launchpad.net/bugs/1554031 > Bug-Ubuntu: https://bugs.launchpad.net/bugs/1692441 > Signed-off-by: Christian Ehrhardt <[email protected]> > Signed-off-by: Stefan Bader <[email protected]> > Signed-off-by: Wesley Hershberger <[email protected]> > --- > src/security/virt-aa-helper.c | 4 ++-- > 1 file changed, 2 insertions(+), 2 deletions(-) > > diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c > index de0a826063..9598b95432 100644 > --- a/src/security/virt-aa-helper.c > +++ b/src/security/virt-aa-helper.c > @@ -835,11 +835,11 @@ add_file_path(virStorageSource *src, > > if (depth == 0) { > if (src->readonly) > - ret = vah_add_file(buf, src->path, "rk"); > + ret = vah_add_file(buf, src->path, "Rk"); > else > ret = vah_add_file(buf, src->path, "rwk"); > } else { > - ret = vah_add_file(buf, src->path, "rk"); > + ret = vah_add_file(buf, src->path, "Rk"); > } > > if (ret != 0) > Reviewed-by: Michal Privoznik <[email protected]> and merged. The rest was already reviewed by Peter. Michal
