Hi all,
May I kindly ask someone for some advice on this topic?
Regards,
Michal
On 21 May 2015 at 20:23, Michał Dubiel <md@xxxxxxxxxxxx> wrote:
Hi guys,

I have got a question. I need to add apparmor support for vhost-user socket files used to communicate with the vhost-user server app. Those ones defined with something like:

    <interface type='vhostuser'>
      <mac address='02:ed:f3:5d:de:f3'/>
      <source type='unix' path='/var/run/vrouter/uvh_vif_tapa8396c51-2a' mode='client'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>

I added something like this into get_files() function in virt-aa-helper.c:

    for (i = 0; i < ctl->def->nnets; i++) {
        if (ctl->def->nets[i] &&
            ctl->def->nets[i]->type == VIR_DOMAIN_NET_TYPE_VHOSTUSER &&
            ctl->def->nets[i]->data.vhostuser) {
            virDomainChrSourceDefPtr vhu = ctl->def->nets[i]->data.vhostuser;

            if (vah_add_file_chardev(&buf, vhu->data.nix.path, "rw",
                                     vhu->type) != 0)
                goto cleanup;
        }
    }

However, there is a restriction for the socket file types in valid_path() function:

    switch (sb.st_mode & S_IFMT) {
    case S_IFSOCK:
        return 1;
        break;
    default:
        break;
    }

That prevents this from working.

May I ask why the socket file types are restricted? Vhost-user uses sockets so if I want to use apparmor virt-aa-helper has to be able to add the line for the socket file into /etc/apparmor.d/libvirt/libvirt-UUID.files.

Regards,
Michal
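
The file-type test described in the message above, as an added C example (not libvirt's code and not part of the original post). It shows that a bound AF_UNIX path is reported as S_IFSOCK, the type the quoted switch rejects, while a regular file is not; `path_is_socket()`, `classify_samples()` and the temporary paths are hypothetical names constructed for the illustration.

```c
#define _GNU_SOURCE                 /* for mkdtemp() and S_IFSOCK */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>

/* Same test as the quoted switch: 1 = socket, 0 = other type, -1 = stat() failed. */
int path_is_socket(const char *path)
{
    struct stat sb;
    if (stat(path, &sb) < 0) return -1;
    return (sb.st_mode & S_IFMT) == S_IFSOCK;
}

/* Builds a constructed socket and regular file, then classifies them:
 * res[0] socket, res[1] regular file, res[2] socket path after removal. */
int classify_samples(int res[3])
{
    char dir[] = "/tmp/vhu-demo-XXXXXX", sock[64], file[64];
    struct sockaddr_un sa = { .sun_family = AF_UNIX };
    int fd, rc = -1;
    FILE *fp;
    if (!mkdtemp(dir)) return -1;
    snprintf(sock, sizeof(sock), "%s/uvh_vif_sample", dir);
    snprintf(file, sizeof(file), "%s/disk.img", dir);
    strncpy(sa.sun_path, sock, sizeof(sa.sun_path) - 1);
    fd = socket(AF_UNIX, SOCK_STREAM, 0);
    fp = fopen(file, "w");
    if (fd >= 0 && fp && bind(fd, (struct sockaddr *)&sa, sizeof(sa)) == 0) {
        res[0] = path_is_socket(sock);   /* bind() created the socket inode */
        res[1] = path_is_socket(file);
        rc = 0;
    }
    if (fp) fclose(fp);
    if (fd >= 0) close(fd);
    unlink(sock); unlink(file); rmdir(dir);
    res[2] = path_is_socket(sock);       /* path is gone, so stat() fails */
    return rc;
}

int main(void)
{
    int r[3] = { 0 };
    if (classify_samples(r) == 0)
        printf("socket=%d regular=%d missing=%d\n", r[0], r[1], r[2]);
    return 0;
}
```

The third result matters for `mode='client'` interfaces: a check based on stat() can only classify the path once the server side has created the socket.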