patches: Drop old backports

b9137d5f · Andrea Bolognani · b74ac7a1 · b74ac7a1 · b9137d5f
Commit b9137d5f authored 8 months ago by Andrea Bolognani
--- a/debian/patches/backport/apparmor-Don-t-check-for-existence-of-templates-upfront.patch
+++ b/debian/patches/backport/apparmor-Don-t-check-for-existence-of-templates-upfront.patch
-From: Andrea Bolognani <abologna@redhat.com>
-Date: Mon, 16 Sep 2024 16:39:11 +0200
-Subject: apparmor: Don't check for existence of templates upfront
-MIME-Version: 1.0
-Content-Type: text/plain; charset="utf-8"
-Content-Transfer-Encoding: 8bit
-
-Currently, if either template is missing AppArmor support is
-completely disabled. This means that uninstalling the LXC
-driver from a system results in QEMU domains being started
-without AppArmor confinement, which obviously doesn't make any
-sense.
-
-The problematic scenario was impossible to hit in Debian until
-very recently, because all AppArmor files were shipped as part
-of the same package; now that the Debian package is much closer
-to the Fedora one, and specifically ships the AppArmor files
-together with the corresponding driver, it becomes trivial to
-trigger it.
-
-Drop the checks entirely. virt-aa-helper, which is responsible
-for creating the per-domain profiles starting from the
-driver-specific template, already fails if the latter is not
-present, so they were always redundant.
-
-https://bugs.debian.org/1081396
-
-Signed-off-by: Andrea Bolognani <abologna@redhat.com>
-Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
-(cherry picked from commit d622ca04f6525b90cfe6d8274efaf4bee043d8ba)
-
-Forwarded: not-needed
-Origin: https://gitlab.com/libvirt/libvirt/-/commit/d622ca04f6525b90cfe6d8274efaf4bee043d8ba
---
- src/security/security_apparmor.c | 18 ------------------
- 1 file changed, 18 deletions(-)
-
-diff --git a/src/security/security_apparmor.c b/src/security/security_apparmor.c
-index 27184ae..a62ec1b 100644
--- a/src/security/security_apparmor.c
-+++ b/src/security/security_apparmor.c
-@@ -318,27 +318,9 @@ AppArmorSetSecurityHostLabel(virSCSIVHostDevice *dev G_GNUC_UNUSED,
- static virSecurityDriverStatus
- AppArmorSecurityManagerProbe(const char *virtDriver G_GNUC_UNUSED)
- {
-    g_autofree char *template_qemu = NULL;
-    g_autofree char *template_lxc = NULL;
-
-     if (use_apparmor() < 0)
-         return SECURITY_DRIVER_DISABLE;
- 
-    /* see if template file exists */
-    template_qemu = g_strdup_printf("%s/TEMPLATE.qemu", APPARMOR_DIR "/libvirt");
-    template_lxc = g_strdup_printf("%s/TEMPLATE.lxc", APPARMOR_DIR "/libvirt");
-
-    if (!virFileExists(template_qemu)) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("template \'%1$s\' does not exist"), template_qemu);
-        return SECURITY_DRIVER_DISABLE;
-    }
-    if (!virFileExists(template_lxc)) {
-        virReportError(VIR_ERR_INTERNAL_ERROR,
-                       _("template \'%1$s\' does not exist"), template_lxc);
-        return SECURITY_DRIVER_DISABLE;
-    }
-
-     return SECURITY_DRIVER_ENABLE;
- }
- 
--- a/debian/patches/series
+++ b/debian/patches/series
-backport/apparmor-Don-t-check-for-existence-of-templates-upfront.patch
 forward/Reduce-udevadm-settle-timeout-to-10-seconds.patch
 debian/Debianize-libvirt-guests.patch
 debian/apparmor_profiles_local_include.patch