Re: [PATCH] Teach virt-aa-helper to use TEMPLATE.qemu if the domain is kvm or kqemu

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 10/29/14 14:31, Serge Hallyn wrote:
> Quoting Cédric Bosdonnat (cbosdonnat@xxxxxxxx):
>> Without this patch, kvm and kqemu domains confined with apparmor can't start
>> due to virt-aa-helper not finding TEMPLATE.kvm or TEMPLATE.kqemu. This patch
>> points all kvm-related drivers to TEMPLATE.qemu.
> 
> D'oh, I dropped the ball here.  I had a patch like this but it seems it never
> made it to the list.
> 
> Thanks, Cédric.
> 
> Acked-by: Serge E. Hallyn <serge.hallyn@xxxxxxxxxx>

Thanks for confirming it's the right thing to do with apparmor. I'll
push this patch in a moment. I was about to ACK it but was afraid to do
so as I don't use apparmor actually.

Peter

> 
>>
>> ---
>>  src/security/virt-aa-helper.c | 12 +++++++++++-
>>  1 file changed, 11 insertions(+), 1 deletion(-)
>>
>> diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c
>> index 9afc8db..6b95fdb 100644
>> --- a/src/security/virt-aa-helper.c
>> +++ b/src/security/virt-aa-helper.c
>> @@ -341,15 +341,25 @@ create_profile(const char *profile, const char *profile_name,
>>      int tlen, plen;
>>      int fd;
>>      int rc = -1;
>> +    const char *driver_name = NULL;
>>  
>>      if (virFileExists(profile)) {
>>          vah_error(NULL, 0, _("profile exists"));
>>          goto end;
>>      }
>>  
>> +    switch (virtType) {
>> +    case VIR_DOMAIN_VIRT_QEMU: 
>> +    case VIR_DOMAIN_VIRT_KQEMU: 
>> +    case VIR_DOMAIN_VIRT_KVM:
>> +        driver_name = "qemu";
>> +        break;
>> +    default:
>> +        driver_name = virDomainVirtTypeToString(virtType);
>> +    }
>>  
>>      if (virAsprintfQuiet(&template, "%s/TEMPLATE.%s", APPARMOR_DIR "/libvirt",
>> -                         virDomainVirtTypeToString(virtType)) < 0) {
>> +                         driver_name) < 0) {
>>          vah_error(NULL, 0, _("template name exceeds maximum length"));
>>          goto end;
>>      }
>> -- 
>> 1.8.4.5
>>
>> --
>> libvir-list mailing list
>> libvir-list@xxxxxxxxxx
>> https://www.redhat.com/mailman/listinfo/libvir-list
> 
> --
> libvir-list mailing list
> libvir-list@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/libvir-list
>

Attachment: signature.asc
Description: OpenPGP digital signature

--
libvir-list mailing list
libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list
[Index of Archives]     [Virt Tools]     [Libvirt Users]     [Lib OS Info]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Fedora Tools]