Quoting Cédric Bosdonnat (cbosdonnat@xxxxxxxx):
> Without this patch, kvm and kqemu domains confined with apparmor can't start
> due to virt-aa-helper not finding TEMPLATE.kvm or TEMPLATE.kqemu. This patch
> points all kvm-related drivers to TEMPLATE.qemu.
D'oh, I dropped the ball here. I had a patch like this but it seems it never
made it to the list.
Thanks, Cédric.
Acked-by: Serge E. Hallyn <serge.hallyn@xxxxxxxxxx>
>
> ---
> src/security/virt-aa-helper.c | 12 +++++++++++-
> 1 file changed, 11 insertions(+), 1 deletion(-)
>
> diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
> index 9afc8db..6b95fdb 100644
> --- a/src/security/virt-aa-helper.c
> +++ b/src/security/virt-aa-helper.c
> @@ -341,15 +341,25 @@ create_profile(const char *profile, const char *profile_name,
> int tlen, plen;
> int fd;
> int rc = -1;
> + const char *driver_name = NULL;
>
> if (virFileExists(profile)) {
> vah_error(NULL, 0, _("profile exists"));
> goto end;
> }
>
> + switch (virtType) {
> + case VIR_DOMAIN_VIRT_QEMU:
> + case VIR_DOMAIN_VIRT_KQEMU:
> + case VIR_DOMAIN_VIRT_KVM:
> + driver_name = "qemu";
> + break;
> + default:
> + driver_name = virDomainVirtTypeToString(virtType);
> + }
>
> if (virAsprintfQuiet(&template, "%s/TEMPLATE.%s", APPARMOR_DIR "/libvirt",
> - virDomainVirtTypeToString(virtType)) < 0) {
> + driver_name) < 0) {
> vah_error(NULL, 0, _("template name exceeds maximum length"));
> goto end;
> }
> --
> 1.8.4.5
>
> --
> libvir-list mailing list
> libvir-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libvir-list
--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list