apparmor: assume at least apparmor >= 3

By assuming version 3, we can drop all the conditional version
substitutions from the profiles.

Reviewed-by: Pavel Hrdina <phrdina@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>

diff --git a/src/security/apparmor/libvirt-lxc.in b/src/security/apparmor/libvirt-lxc.in
index ffe4d8f21f210fc72ee7a6a0128012e1f4fe5d13..11005e7c215cfe789a420b44b73d58f6a5bb96a0 100644 (file)
--- a/src/security/apparmor/libvirt-lxc.in
+++ b/src/security/apparmor/libvirt-lxc.in
@@ -117,6 +117,4 @@
   deny /sys/fs/cgroup?*{,/**} wklx,
   deny /sys/fs?*{,/**} wklx,
 
-@BEGIN_APPARMOR_3@
   include if exists <abstractions/libvirt-lxc.d>
-@END_APPARMOR_3@

diff --git a/src/security/apparmor/libvirt-qemu.in b/src/security/apparmor/libvirt-qemu.in
index c63077574e61c4197eca48eee0e97634c332b4a2..e4aceacd706205802f4b1b307eb79f85a141ea0f 100644 (file)
--- a/src/security/apparmor/libvirt-qemu.in
+++ b/src/security/apparmor/libvirt-qemu.in
@@ -190,7 +190,6 @@
   /usr/{lib,lib64}/libswtpm_libtpms.so mr,
   /usr/lib/@{multiarch}/libswtpm_libtpms.so mr,
 
-@BEGIN_APPARMOR_3@
   # support for passt network back-end
   /usr/bin/passt Cx -> passt,
 
@@ -206,7 +205,6 @@
 
     include if exists <abstractions/passt>
   }
-@END_APPARMOR_3@
 
   # for save and resume
   /{usr/,}bin/dash rmix,
@@ -281,6 +279,4 @@
   owner /var/lib/libvirt/qemu/nvram/*_VARS.fd rwk,
   owner /var/lib/libvirt/qemu/nvram/*_VARS.ms.fd rwk,
 
-@BEGIN_APPARMOR_3@
   include if exists <abstractions/libvirt-qemu.d>
-@END_APPARMOR_3@

diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
index 90a8b7072cbb549fb1fd86dd93e00d002c82d0b5..e209a8bff78b6630c214d784492884b7fee3f5c3 100644 (file)
--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
+++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper.in
@@ -74,10 +74,5 @@ profile virt-aa-helper @libexecdir@/virt-aa-helper {
   /**.[iI][sS][oO] r,
   /**/disk{,.*} r,
 
-@BEGIN_APPARMOR_3@
   include if exists <local/usr.lib.libvirt.virt-aa-helper>
-@END_APPARMOR_3@
-@BEGIN_APPARMOR_2@
-  #include <local/usr.lib.libvirt.virt-aa-helper>
-@END_APPARMOR_2@
 }

diff --git a/src/security/apparmor/usr.sbin.libvirtd.in b/src/security/apparmor/usr.sbin.libvirtd.in
index 3659ddc2192831c986a48184e7a6a80e42ab726f..6267e4f737de3407b7652c8347cbb2a3aaaea950 100644 (file)
--- a/src/security/apparmor/usr.sbin.libvirtd.in
+++ b/src/security/apparmor/usr.sbin.libvirtd.in
@@ -144,7 +144,5 @@ profile libvirtd @sbindir@/libvirtd flags=(attach_disconnected) {
    /usr/{lib,lib64,lib/qemu,libexec,libexec/qemu}/qemu-bridge-helper rmix,
   }
 
-@BEGIN_APPARMOR_3@
   include if exists <local/usr.sbin.libvirtd>
-@END_APPARMOR_3@
 }

diff --git a/src/security/apparmor/usr.sbin.virtqemud.in b/src/security/apparmor/usr.sbin.virtqemud.in
index 86b23465b6a9386052736bc1fa3eb2e26529c632..522c098af6c8639816cb120ab4e7a2c8159be770 100644 (file)
--- a/src/security/apparmor/usr.sbin.virtqemud.in
+++ b/src/security/apparmor/usr.sbin.virtqemud.in
@@ -136,7 +136,5 @@ profile virtqemud @sbindir@/virtqemud flags=(attach_disconnected) {
    /usr/{lib,lib64,lib/qemu,libexec,libexec/qemu}/qemu-bridge-helper rmix,
   }
 
-@BEGIN_APPARMOR_3@
   include if exists <local/usr.sbin.virtqemud>
-@END_APPARMOR_3@
 }

diff --git a/src/security/apparmor/usr.sbin.virtxend.in b/src/security/apparmor/usr.sbin.virtxend.in
index 77fedce352c223f6a960065f95a7ae86072534fa..324a000391eef4d01ac578d3f813cc633c4cccc0 100644 (file)
--- a/src/security/apparmor/usr.sbin.virtxend.in
+++ b/src/security/apparmor/usr.sbin.virtxend.in
@@ -55,7 +55,5 @@ profile virtxend @sbindir@/virtxend flags=(attach_disconnected) {
   /etc/libvirt/hooks/** rmix,
   /etc/xen/scripts/** rmix,
 
-@BEGIN_APPARMOR_3@
   include if exists <local/usr.sbin.virtxend>
-@END_APPARMOR_3@
 }