virt-aa-helper: Drop unnecessary AppArmor rule

Apparently /proc/self is automatically converted to /proc/@{pid}
before checking rules, which makes spelling it out explicitly
redundant.

Suggested-by: Jamie Strandboge <jamie@canonical.com>
Signed-off-by: Andrea Bolognani <abologna@redhat.com>
Reviewed-by: Martin Kletzander <mkletzan@redhat.com>

diff --git a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
index 64772f075696996f681066f1ec36c7ff906c0978..11e9c039ca2a350c416071371a8a1ae73a166bcb 100644 (file)
--- a/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
+++ b/src/security/apparmor/usr.lib.libvirt.virt-aa-helper
@@ -18,7 +18,6 @@ profile virt-aa-helper /usr/{lib,lib64}/libvirt/virt-aa-helper {
   @{PROC}/filesystems r,
 
   # Used when internally running another command (namely apparmor_parser)
-  @{PROC}/self/fd/ r,
   @{PROC}/@{pid}/fd/ r,
 
   /etc/libnl-3/classid r,