Quoting Ján Tomko (jtomko@xxxxxxxxxx): > On Mon, Apr 06, 2015 at 04:12:03PM +0000, Serge Hallyn wrote: > > The original bug report was at > > https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1393842 > > > > Signed-off-by: Serge Hallyn <serge.hallyn@xxxxxxxxxx> > > --- > > src/security/virt-aa-helper.c | 1 + > > 1 file changed, 1 insertion(+) > > > > ACK > > Should virt-aa-helper-test be updated too? I guess so. More importantly, are there cases in libvirt where there is a an abstract UNIX channel? If so then we'd have to avoid those cases. The current code will write out an empty string for the file path, which probably will result in a corrupt policy. > Jan > > > diff --git a/src/security/virt-aa-helper.c b/src/security/virt-aa-helper.c > > index e53779e..8ec95c1 100644 > > --- a/src/security/virt-aa-helper.c > > +++ b/src/security/virt-aa-helper.c > > @@ -998,6 +998,7 @@ get_files(vahControl * ctl) > > (ctl->def->channels[i]->source.type == VIR_DOMAIN_CHR_TYPE_PTY || > > ctl->def->channels[i]->source.type == VIR_DOMAIN_CHR_TYPE_DEV || > > ctl->def->channels[i]->source.type == VIR_DOMAIN_CHR_TYPE_FILE || > > + ctl->def->channels[i]->source.type == VIR_DOMAIN_CHR_TYPE_UNIX || > > ctl->def->channels[i]->source.type == VIR_DOMAIN_CHR_TYPE_PIPE) && > > ctl->def->channels[i]->source.data.file.path) > > if (vah_add_file_chardev(&buf, > > -- > > 2.1.4 > > > > -- > > libvir-list mailing list > > libvir-list@xxxxxxxxxx > > https://www.redhat.com/mailman/listinfo/libvir-list > -- > libvir-list mailing list > libvir-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/libvir-list -- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list