On Tue, Nov 25, 2014 at 02:29:25PM +0100, Cédric Bosdonnat wrote:
Implement construction of apparmor security labels. The choice between selinux and apparmor model isn't exposed to the user, but guessed depending on what the host supports.
---
 bin/virt-sandbox-service | 15 ++++++++-------
 libvirt-sandbox/libvirt-sandbox-builder.c | 32 +++++++++++++++++++++++++++++++
 2 files changed, 40 insertions(+), 7 deletions(-)
[...]
diff --git a/libvirt-sandbox/libvirt-sandbox-builder.c b/libvirt-sandbox/libvirt-sandbox-builder.c index 48fc9bc..bcad652 100644 --- a/libvirt-sandbox/libvirt-sandbox-builder.c +++ b/libvirt-sandbox/libvirt-sandbox-builder.c @@ -358,6 +358,31 @@ static gboolean gvir_sandbox_builder_construct_security_selinux (GVirSandboxBuil return TRUE; } +static gboolean gvir_sandbox_builder_construct_security_apparmor(GVirSandboxBuilder *builder, + GVirSandboxConfig *config, + GVirConfigDomain *domain, + GError **error) +{ + GVirConfigDomainSeclabel *sec = gvir_config_domain_seclabel_new(); + const char *label = gvir_sandbox_config_get_security_label(config); + + gvir_config_domain_seclabel_set_model(sec, "apparmor"); + if (gvir_sandbox_config_get_security_dynamic(config)) { + gvir_config_domain_seclabel_set_type(sec, + GVIR_CONFIG_DOMAIN_SECLABEL_DYNAMIC);
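Review bot: in the dynamic branch of gvir_sandbox_builder_construct_security_apparmor(), label is read from the config, but the lines quoted here only call gvir_config_domain_seclabel_set_type() with GVIR_CONFIG_DOMAIN_SECLABEL_DYNAMIC, so a label the user supplied appears to go unused for dynamic confinement. If ignoring it is intended for AppArmor, a one-line comment in that branch saying so would keep the next reader from treating it as an oversight. Also, since the commit message says the model is guessed from the host rather than chosen by the user, the function would benefit from a short doc comment stating that the string returned by gvir_sandbox_config_get_security_label() is treated as an AppArmor profile name on such hosts, because the same config value reaches this function whatever model the user had in mind when writing it.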
There probably isn't something like a 'baselabel' in apparmor, right? Because that could be set if there is a label in the config.

Anyway, ACK,
Martin
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list