Without this patch, kvm and kqemu domains confined with apparmor can't start
due to virt-aa-helper not finding TEMPLATE.kvm or TEMPLATE.kqemu. This patch
points all kvm-related drivers to TEMPLATE.qemu.
---
src/security/virt-aa-helper.c | 12 +++++++++++-
1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
index 9afc8db..6b95fdb 100644
--- a/src/security/virt-aa-helper.c
+++ b/src/security/virt-aa-helper.c
@@ -341,15 +341,25 @@ create_profile(const char *profile, const char *profile_name,
int tlen, plen;
int fd;
int rc = -1;
+ const char *driver_name = NULL;
if (virFileExists(profile)) {
vah_error(NULL, 0, _("profile exists"));
goto end;
}
+ switch (virtType) {
+ case VIR_DOMAIN_VIRT_QEMU:
+ case VIR_DOMAIN_VIRT_KQEMU:
+ case VIR_DOMAIN_VIRT_KVM:
+ driver_name = "qemu";
+ break;
+ default:
+ driver_name = virDomainVirtTypeToString(virtType);
+ }
if (virAsprintfQuiet(&template, "%s/TEMPLATE.%s", APPARMOR_DIR "/libvirt",
- virDomainVirtTypeToString(virtType)) < 0) {
+ driver_name) < 0) {
vah_error(NULL, 0, _("template name exceeds maximum length"));
goto end;
}
--
1.8.4.5
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list